Security audit of a mobile application
Nethemba (nethemba.com), page: https://nethemba.com/cs/sluzby/aplikacni-bezpecnost/bezpecnostni-audit-mobilni-aplikace/
Published 2015-11-08, last modified 2019-08-19. Translated from the Czech original.

A security audit of a mobile application covers both a technical security audit of the mobile application itself and a security audit of the server-side web services (REST / SOAP) that the mobile application communicates with.

During testing we use the tools and procedures of the OWASP Mobile Security Project (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project), with a focus on the Top Ten Mobile Controls (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#Top_Ten_Mobile_Controls):

1. Identification and protection of sensitive data on the device.
2. Review of the quality and security of the storage used for passwords, passphrases and other sensitive information on the device.
3. Is sensitive data protected in transit (by encryption)?
4. Are authentication, authorization and session management implemented correctly in the application?
5. Is the backend API (the web services) implemented securely?
6. Is the integration with third-party services and applications secure?
7. Is only such information collected about the user of the mobile application that the user is aware of?
8. Verification of whether unauthorized access to especially sensitive data (digital wallet, SMS, calls, address book, etc.) is possible.
9. Verification of secure and trustworthy distribution of the mobile application (is it updated securely, is it digitally signed by a trusted authority, ...).
10. Detailed check for runtime-interpretation (injection) flaws (validation of all application inputs, in-depth fuzz testing).

Technical security audit of the mobile application
This is a practical verification of the actual security posture of the mobile application against the Top Ten Mobile Controls (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#Top_Ten_Mobile_Controls), covering primarily:

- fuzz testing of all user inputs and verification that every input parameter is validated
- verification of the application's business logic
- verification of the encryption and digital signing of the requests themselves
- verification that the mobile application authenticates securely to the given web service
- verification of the application's secure local storage
- if client SSL/TLS certificates are not used, an analysis of the password policy in use, since the password is then the main credential authenticating the client

Security audit of the web services interface (REST / SOAP)
The security audit of the web services interface (REST / SOAP) is performed both as a "blackbox" security audit of the API (without knowledge of the XSD / WSDL schemas, authentication credentials, etc.) and as a "whitebox" security audit of the API (with knowledge of the API and of access credentials). In both cases the testing is carried out in detail according to the OWASP Testing Guide chapter "Testing for Web Services" (http://www.owasp.org/index.php/Testing_for_Web_Services). The audit includes testing for the attacks catalogued at http://clawslab.nds.rub.de/wiki/index.php/Main_Page.