Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus"

Transcription

1 Mobile Application Hacking for Android and iphone 4-Day Hands-On Course Syllabus

2 Android and iphone Mobile Application Hacking 4-Day Hands-On Course Course description This course will focus on the techniques and tools for testing the security of Android and iphone mobile applications. During this course the students will learn about important topics such as the Android and iphone Security model, the emulator, how to perform static analysis, traffic manipulation, and dynamic analysis. By taking this course you will be able to perform penetration testing on Android mobile applications and expose potential vulnerabilities in the tested application. The objectives of the course are: Understand the Android and iphone application threat landscape Perform penetration testing on Android and iphone mobile apps Identify vulnerabilities and exploit them Operate AppSec Labs' unique AppUse customized VM for Android pen-testing Target audience Members of the security / software development team: Security penetration testers Android developers iphone / ios developers Prerequisites Before attending this course, students should be familiar with: Common security concepts Java background and basic knowledge of the Android development platform C/C++ background Basic knowledge of the ios development platform In addition, participants must bring iphone or ipad devices to the course. 1 P a g e

3 Course topics Day 1 Introduction to Android Security Top issues facing mobile apps What makes mobile security so different? Mobile malware The Android Linux OS security The Android security mechanisms Application file system isolation Database isolation The permission model LAB: Exploring the Android environment The Android Penetration Testing Workspace The Android emulator Emulator VS. device testing The debug bridge LAB: The Android emulator Tools of the trade Using AppUse ("Android Pen-test Platform Unified Standalone Environment") VM LAB: AppUse feature walkthrough Android Application Static Analysis The APK file package Extracting file content Investigating layout, manifest, permissions and binaries Analyzing file system access LAB: Locating secrets in code & configuration files Investigating database & storage usage Identifying local SQL Injections in SQLite LAB: Binary decompilation & disassembly 2 P a g e

4 Day 2 Application Dynamic Analysis Debugging Setting breakpoints LAB: Manipulating client side UI controls LAB: Bypassing authorization restrictions Memory analysis Memory dumps Patching & Binary modifications LAB: Reverse engineering target applications Traffic Manipulation Remote Authentication Traffic interception Using proxies Bypassing server certificate validations LAB: Importing SSL certificates & trusted CA's Exposing insecure traffic LAB: Traffic manipulation using the AppUse VM 3 P a g e

5 Day 3 Introduction to iphone Security Top issues facing mobile apps What makes mobile security so different? Mobile malware iphone OS security built-in ios security mechanisms Application file system isolation Database isolation The permission model LAB: Exploring the iphone environment The iphone Penetration Testing Workspace The ios emulator Simulator VS. device testing Jailbreaking the iphone enabling advanced features for PT purposes Command line remote access Tools of the trade LAB: working with the simulator vs. real device Application Static Analysis The file package Extracting file content Investigating binary content Data storage locations Analyzing file system access LAB: Locating secrets in code & configuration files Investigating database & storage usage Identifying local SQL Injections in SQLite LAB: Binary decompilation & disassembly 4 P a g e

6 Day 4 Application Dynamic Analysis Debugging Setting breakpoints LAB: Manipulating client side UI controls LAB: Bypassing authorization restrictions Memory analysis Memory dumps Decrypting applications content Patching & Binary modifications LAB: Reverse engineering target applications Traffic Manipulation Remote Authentication Traffic interception Using proxies Bypassing server certificate validations LAB: Importing SSL certificates & trusted CA's Exposing insecure traffic LAB: Traffic manipulation 5 P a g e

Android Mobile Application Hacking Penetration Testing. 3-Day Hands-On Course. Course Syllabus

Android Mobile Application Hacking Penetration Testing. 3-Day Hands-On Course. Course Syllabus Android Mobile Application Hacking Penetration Testing 3-Day Hands-On Course Course Syllabus Android mobile application hacking 3-day hands on course Course description This course will focus on the techniques

More information

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing

More information

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules Must have skills in any penetration tester's arsenal. MASPT at a glance: 10 highly practical modules 4 hours of video material 1200+ interactive slides 20 Applications to practice with Leads to emapt certification

More information

Mobile Application Security and Penetration Testing Syllabus

Mobile Application Security and Penetration Testing Syllabus Mobile Application Security and Penetration Testing Syllabus Mobile Devices Overview 1.1. Mobile Platforms 1.1.1.Android 1.1.2.iOS 1.2. Why Mobile Security 1.3. Taxonomy of Security Threats 1.3.1.OWASP

More information

Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications

Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications Android & ios Application Vulnerability Assessment & Penetration Testing Training 2-Day hands on workshop on VAPT of Android & ios Applications Course Title Workshop on VAPT of Android & ios Applications

More information

Learn the fundamentals of Software Development and Hacking of the iphone Operating System.

Learn the fundamentals of Software Development and Hacking of the iphone Operating System. Course: Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: Learn the fundamentals of Software Development and Hacking of the iphone Operating System. provides an Instructor-led

More information

Enterprise Application Security Workshop Series

Enterprise Application Security Workshop Series Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants

More information

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK John T Lounsbury Vice President Professional Services, Asia Pacific INTEGRALIS Session ID: MBS-W01 Session Classification: Advanced

More information

AppUse - Android Pentest Platform Unified

AppUse - Android Pentest Platform Unified AppUse - Android Pentest Platform Unified Standalone Environment AppUse is designed to be a weaponized environment for Android application penetration testing. It is a unique, free, and rich platform aimed

More information

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications Reverse Engineering ios Applications Drew Branch, Independent Security Evaluators, Associate Security Analyst ABSTRACT' Mobile applications are a part of nearly everyone s life, and most use multiple mobile

More information

Application Security Testing

Application Security Testing Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the

More information

Advanced ANDROID & ios Hands-on Exploitation

Advanced ANDROID & ios Hands-on Exploitation Advanced ANDROID & ios Hands-on Exploitation By Attify Trainers Aditya Gupta Prerequisite The participants are expected to have a basic knowledge of Mobile Operating Systems. Knowledge of programming languages

More information

Centre of Digital Innovation

Centre of Digital Innovation Centre of Digital Innovation mlab v1.1 mgovernment Centre of Digital Innovation CoDI http://mgovlab.government.ae Version Control Version Date Author 1.0 24 December 2014 Humaid Al Ali 1.1 29 December

More information

Pentesting Android Apps. Sneha Rajguru (@Sneharajguru)

Pentesting Android Apps. Sneha Rajguru (@Sneharajguru) Pentesting Android Apps Sneha Rajguru (@Sneharajguru) About Me Penetration Tester Web, Mobile and Infrastructure applications, Secure coding ( part time do secure code analysis), CTF challenge writer (at

More information

Mobile Payment Services- Security Risks, Trends and Countermeasures

Mobile Payment Services- Security Risks, Trends and Countermeasures Mobile Payment Services- Security Risks, Trends and Countermeasures Agenda Trends in mobile payments Security risks in mobile payments applications and devices Mitigation strategy through secure SDLC Mobile

More information

Pentesting Android Mobile Application

Pentesting Android Mobile Application Pentesting Android Mobile Application Overview on Mobile applications Connect in Superior Way!! Mobile market is the worldwide rapidly developing segments since many customers are using mobile phones.

More information

Security Testing Guidelines for mobile Apps

Security Testing Guidelines for mobile Apps The OWASP Foundation http://www.owasp.org Security Testing Guidelines for mobile Apps Florian Stahl Johannes Ströher AppSec Research EU 2013 Who we are Florian Stahl Johannes Ströher Lead Consultant for

More information

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis

More information

Penetration Testing for iphone Applications Part 1

Penetration Testing for iphone Applications Part 1 Penetration Testing for iphone Applications Part 1 This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iphone

More information

Learning Course Curriculum

Learning Course Curriculum Learning Course Curriculum Security Compass Training Learning Curriculum. Copyright 2012. Security Compass. 1 It has long been discussed that identifying and resolving software vulnerabilities at an early

More information

Next Presentation Begins at 14:40. How To Hack An App

Next Presentation Begins at 14:40. How To Hack An App Next Presentation Begins at 14:40 How To Hack An App Winston Bond wbond@arxan.com How To Hack An App Winston Bond wbond@arxan.com How To Hack An App Winston Bond European Technical Manager Arxan Technologies

More information

Android (in)security. Having fun with Android. Sarantis Makoudis

Android (in)security. Having fun with Android. Sarantis Makoudis Android (in)security Having fun with Android Sarantis Makoudis About Me BSc in Digital Systems, University of Piraeus, 2010 MSc in Information Security, Royal Holloway, University of London,2012 Penetration

More information

How to Analyze an Android Bot

How to Analyze an Android Bot SESSION ID: MBS-R02 How to Analyze an Android Bot Kevin McNamee Nokia Threat Intelligence Lab @KevMcNamee Agenda Introduction Tools The Lab Demo Q&A 2 Why Analyze Android Malware We monitor mobile traffic

More information

Running a Program on an AVD

Running a Program on an AVD Running a Program on an AVD Now that you have a project that builds an application, and an AVD with a system image compatible with the application s build target and API level requirements, you can run

More information

ITG Software Engineering

ITG Software Engineering Basic Android Development Course ID: Page 1 Last Updated 12/15/2014 Basic Android Development ITG Software Engineering Course Overview: This 5 day course gives students the fundamental basics of Android

More information

CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001

CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001 CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001 INTRODUCTION This exam will certify that the successful candidate has the knowledge and skills required

More information

Penetration Testing in Romania

Penetration Testing in Romania Penetration Testing in Romania Adrian Furtunǎ, Ph.D. 11 October 2011 Romanian IT&C Security Forum Agenda About penetration testing Examples Q & A 2 What is penetration testing? Method for evaluating the

More information

When Security Gets in the Way. PenTesting Mobile Apps That Use Certificate Pinning

When Security Gets in the Way. PenTesting Mobile Apps That Use Certificate Pinning When Security Gets in the Way PenTesting Mobile Apps That Use Certificate Pinning Justine Osborne Alban Diquet Outline What is Certificate Pinning? Definition and Background Consequences for Mobile Blackbox

More information

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ ^ Boca Raton London New York ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Croup, an

More information

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant How Security Testing can ensure Your Mobile Application Security Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant Once More Consulting & Advisory Services IT Governance IT Strategic

More information

Securing your Mobile Applications. Karson Chan Security Consultant

Securing your Mobile Applications. Karson Chan Security Consultant Securing your Mobile Applications Karson Chan Security Consultant NTT Com Security Threat can come from anywhere that s why we are everywhere 1,000+ Staff Our knowledge is your security 8,000+ Customers

More information

Pentesting Mobile Applications

Pentesting Mobile Applications WEB 应 用 安 全 和 数 据 库 安 全 的 领 航 者! 安 恒 信 息 技 术 有 限 公 司 Pentesting Mobile Applications www.dbappsecurity.com.cn Who am I l Frank Fan: CTO of DBAPPSecurity Graduated from California State University as a Computer

More information

Network Test Labs (NTL) Software Testing Services for igaming

Network Test Labs (NTL) Software Testing Services for igaming Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs

More information

OWASP Mobile Top Ten 2014 Meet the New Addition

OWASP Mobile Top Ten 2014 Meet the New Addition OWASP Mobile Top Ten 2014 Meet the New Addition Agenda OWASP Mobile Top Ten 2014 Lack of Binary Protections added Why is Binary Protection important? What Risks Need to be Mitigated? Where to Go For Further

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Android. Lecture 1. Learning Android Marko Gargenta. Tuesday, February 26, 13

Android. Lecture 1. Learning Android Marko Gargenta. Tuesday, February 26, 13 Android Lecture 1 Learning Android Marko Gargenta Final Project Jan/Feb: ARM March: Android Apr: Final project Complexity Sense the world Analysis Service delivery Hands-on A fun project built-up through

More information

CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001

CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001 CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001 INTRODUCTION This exam will certify that the successful candidate has the knowledge and skills required

More information

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014 Security Testing Vulnerability Assessment vs Penetration Testing Gabriel Mihai Tanase, Director KPMG Romania 29 October 2014 Agenda What is? Vulnerability Assessment Penetration Testing Acting as Conclusion

More information

MOBILE APPLICATION SECURITY

MOBILE APPLICATION SECURITY Innovate, Integrate, Transform MOBILE APPLICATION SECURITY By Ramkumar Murugadoss and Arif Nasim WHITEPAPER www.altencalsoftlabs.com Objective The objective of this paper is to help the developer community

More information

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr

More information

Blackbox Android. Breaking Enterprise Class Applications and Secure Containers. Marc Blanchou Mathew Solnik 10/13/2011. https://www.isecpartners.

Blackbox Android. Breaking Enterprise Class Applications and Secure Containers. Marc Blanchou Mathew Solnik 10/13/2011. https://www.isecpartners. Blackbox Android Breaking Enterprise Class Applications and Secure Containers Marc Blanchou Mathew Solnik 10/13/2011 https://www.isecpartners.com Agenda Background Enterprise Class Applications Threats

More information

Defending Behind The Device Mobile Application Risks

Defending Behind The Device Mobile Application Risks Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem

More information

CHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals

CHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals CHECK POINT Mobile Security Revolutionized [Restricted] ONLY for designated groups and individuals 2014 Check Point Software Technologies Ltd. 1 Rapidly Expanding Mobile Threats MOBILE THREATS are ESCALATING

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

AppUse - Android Pentest Platform Unified

AppUse - Android Pentest Platform Unified AppUse - Android Pentest Platform Unified Standalone Environment AppUse is designed to be a weaponized environment for Android application penetration testing. It is a unique, free, and rich platform aimed

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

The OWASP Foundation http://www.owasp.org

The OWASP Foundation http://www.owasp.org Android reverse engineering: understanding third-party applications OWASP EU Tour 2013 June 5, 2013. Bucharest (Romania) Vicente Aguilera Díaz OWASP Spain Chapter Leader Co-founder of Internet Security

More information

The State of Mobile Application Security Application Security Made Easy

The State of Mobile Application Security Application Security Made Easy The State of Mobile Application Security 2014-2015 Application Security Made Easy The State of Mobile Application Security 2014-2015 /> Brought to you by Checkmarx and Appsec Labs Research author: James

More information

Hacking your Droid ADITYA GUPTA

Hacking your Droid ADITYA GUPTA Hacking your Droid ADITYA GUPTA adityagupta1991 [at] gmail [dot] com facebook[dot]com/aditya1391 Twitter : @adi1391 INTRODUCTION After the recent developments in the smart phones, they are no longer used

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000

More information

Thick Client Application Security

Thick Client Application Security Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two

More information

BCS Bristol Autumn School Testing your App. Jim Thomas Director of Software Testing

BCS Bristol Autumn School Testing your App. Jim Thomas Director of Software Testing BCS Bristol Autumn School Testing your App Jim Thomas Director of Software Testing TVS background TVS UK (2008) TVS Germany (2011) TVS France (2012) T&VS India (2011) Delivering tailored solutions for

More information

Learn Ethical Hacking, Become a Pentester

Learn Ethical Hacking, Become a Pentester Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,

More information

Mobile Application Security Testing ASSESSMENT & CODE REVIEW

Mobile Application Security Testing ASSESSMENT & CODE REVIEW Mobile Application Security Testing ASSESSMENT & CODE REVIEW Sept. 31 st 2014 Presenters ITAC 2014 Bishop Fox Francis Brown Partner Joe DeMesy Security Associate 2 Introductions FRANCIS BROWN Hi, I m Fran

More information

Testing for Security

Testing for Security Testing for Security Kenneth Ingham September 29, 2009 1 Course overview The threat that security breaches present to your products and ultimately your customer base can be significant. This course is

More information

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: Learn the various attacks like sql injections, cross site scripting, command execution

More information

Overview. The Android operating system is like a cake consisting of various layers.

Overview. The Android operating system is like a cake consisting of various layers. The Android Stack Overview The Android operating system is like a cake consisting of various layers. Each layer has its own characteristics and purpose but the layers are not always cleanly separated and

More information

Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application

Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application Since the introduction of the iphone, Apple has sold more than 315 million

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

Mobile Security Framework

Mobile Security Framework Automated Mobile Application Security Testing with Mobile Security Framework Ajin Abraham About Me! Security Consultant @ Yodlee! Security Engineering @ IMMUNIO! Next Gen Runtime Application Self Protection

More information

eeye Digital Security Product Training

eeye Digital Security Product Training eeye Digital Security Product Training Retina CS for System Administration (4MD) This hands-on instructor led course provides security system administration/analysts with the skills and knowledge necessary

More information

Pentesting iphone & ipad Apps Hack In Paris 2011 June 17

Pentesting iphone & ipad Apps Hack In Paris 2011 June 17 Pentesting iphone & ipad Apps Hack In Paris 2011 June 17 Who are we? Flora Bottaccio Security Analyst at ADVTOOLS Sebastien Andrivet Director, co-founder of ADVTOOLS ADVTOOLS Swiss company founded in 2002

More information

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box Penetration Testing Penetration Testing Types Black Box oless productive, more difficult White Box oopen, team supported, typically internal osource available Gray Box (Grey Box) omixture of the two Methods

More information

Practical Attacks against Mobile Device Management Solutions

Practical Attacks against Mobile Device Management Solutions Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com About: Daniel Security researcher for nearly

More information

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 616 Securing Windows Infrastructure. Make The Difference CAST.

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 616 Securing Windows Infrastructure. Make The Difference CAST. CENTER FOR ADVANCED SECURITY TRAINING 616 Securing Windows Infrastructure Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape now requires

More information

The Web AppSec How-to: The Defenders Toolbox

The Web AppSec How-to: The Defenders Toolbox The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware

More information

Mobile Application Security Report 2015

Mobile Application Security Report 2015 Mobile Application Security Report 2015 BY Author : James Greenberg 1 P a g e Executive Summary Mobile Application Security Report 2015 The mobile application industry is growing exponentially at an explosive

More information

Mobile Application Design and Development Process

Mobile Application Design and Development Process Mobile Application Design and Development Process Mobile Application Design and Development We pride ourselves in offering world class mobile application development on your terms. As part of the hiring

More information

Fraunhofer Institute for Secure Information Technology: Security and Privacy for Mobile Applications

Fraunhofer Institute for Secure Information Technology: Security and Privacy for Mobile Applications Fraunhofer-Gesellschaft 2013 Fraunhofer Institute for Secure Information Technology: Security and Privacy for Mobile Applications Dr. Jens Heider Head of Department Testlab Mobile Security Amt für Wirtschaft

More information

KonyOne Server Prerequisites _ MS SQL Server

KonyOne Server Prerequisites _ MS SQL Server KonyOne Server Prerequisites _ MS SQL Server KonyOne Platform Release 5.0 Copyright 2012-2013 Kony Solutions, Inc. All Rights Reserved. Page 1 of 13 Copyright 2012-2013 by Kony Solutions, Inc. All rights

More information

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org

More information

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY) TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK BREAKING AND FIXING WEB APPLICATIONS SECURITY PENETRATION TESTING IOS APPS JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

Mobile Device Management

Mobile Device Management 1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating

More information

Enterprise Apps: Bypassing the Gatekeeper

Enterprise Apps: Bypassing the Gatekeeper Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that

More information

Penetration Testing Android Applications

Penetration Testing Android Applications Author: Kunjan Shah Security Consultant Foundstone Professional Services Table of Contents Penetration Testing Android Applications... 1 Table of Contents... 2 Abstract... 3 Background... 4 Setting up

More information

Example of Standard API

Example of Standard API 16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface

More information

Bypassing SSL Pinning on Android via Reverse Engineering

Bypassing SSL Pinning on Android via Reverse Engineering Bypassing SSL Pinning on Android via Reverse Engineering Denis Andzakovic Security-Assessment.com 15 May 2014 Table of Contents Bypassing SSL Pinning on Android via Reverse Engineering... 1 Introduction...

More information

Lecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday

Lecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday Lecture 17: Mobile Computing Platforms: Android Mythili Vutukuru CS 653 Spring 2014 March 24, Monday Mobile applications vs. traditional applications Traditional model of computing: an OS (Linux / Windows),

More information

Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration Tester. Responsible for securing a large suite mobile apps

Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration Tester. Responsible for securing a large suite mobile apps Tony Trummer Staff Engineer, Information Security at LinkedIn Penetration tester and mobile security enthusiast #3 in Android Security Acknowledgements Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

Android Security Evaluation Framework

Android Security Evaluation Framework INTRODUCING... A S E F Android Security Evaluation Framework - Parth Patel $ whoami_ Agenda Manual Research Automation - A S E F Let s solve problems Conclusion Android OS Open Source Security Evaluation

More information

Symantec Mobile Management Suite

Symantec Mobile Management Suite Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the

More information

Securing Mobile Apps with App-Hardening and Run-Time Protection Arxan Application Protection for IBM Solutions

Securing Mobile Apps with App-Hardening and Run-Time Protection Arxan Application Protection for IBM Solutions Securing Mobile Apps with App-Hardening and Run-Time Protection Arxan Application Protection for IBM Solutions Rich Lord Vice President, Asia-Pacific Arxan Technologies Mobile Apps Are under Attack Majority

More information

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing

More information

Prof. Christos Xenakis, Dr. Christoforos Ntantogian Department of Digital Systems University of Piraeus, Greece

Prof. Christos Xenakis, Dr. Christoforos Ntantogian Department of Digital Systems University of Piraeus, Greece Prof. Christos Xenakis, Dr. Christoforos Ntantogian Department of Digital Systems University of Piraeus, Greece University of Piraeus, Greece Department of Digital Systems System Security Laboratory founded

More information

TACKYDROID. Pentesting Android Applications in Style

TACKYDROID. Pentesting Android Applications in Style TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING This talk IS NOT about Android platform itself This talk IS about how we want to contribute auditing apps that

More information

Elevation of Mobile Security Risks in the Enterprise Threat Landscape

Elevation of Mobile Security Risks in the Enterprise Threat Landscape March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest

More information

OWASP NZ Day 2011 Testing Mobile Applications

OWASP NZ Day 2011 Testing Mobile Applications OWASP NZ Day 2011 Testing Mobile Applications Presenter: Nick von Dadelszen Date: 7 th July 2011 Company: Lateral Security (IT) Services Limited Company overview Company Lateral Security (IT) Services

More information

That Point of Sale is a PoS

That Point of Sale is a PoS SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach

More information

Secure your ios applications and uncover hidden vulnerabilities by conducting penetration tests

Secure your ios applications and uncover hidden vulnerabilities by conducting penetration tests Fr ee Learning ios Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an ios application and operating system, and will teach you to conduct static and dynamic

More information

Security Intelligence Services. Cybersecurity training. www.kaspersky.com

Security Intelligence Services. Cybersecurity training. www.kaspersky.com Kaspersky Security Intelligence Services. Cybersecurity training www.kaspersky.com CYBERSECURITY TRAINING Leverage Kaspersky Lab s cybersecurity knowledge, experience and intelligence through these innovative

More information

The Incident Response Playbook for Android and ios

The Incident Response Playbook for Android and ios SESSION ID: AIR-W03R The Incident Response Playbook for Android and ios Andrew Hoog CEO and Co-founder NowSecure @ahoog42 @NowSecureMobile Andrew Hoog Author of three books Incident Response for Android

More information

Trend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox

Trend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox Trend Micro Incorporated Research Paper 2012 Adding Android and Mac OS X Malware to the APT Toolbox Contents Abstract... 1 Introduction... 1 Technical Analysis... 2 Remote Access Trojan Functionality...

More information

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis Document Scope This document aims to assist organizations comply with PCI DSS 3 when it comes to Application Security best practices.

More information

http://resources.infosecinstitute.com/security-hacking-apps-android/?utm_source=newslett...

http://resources.infosecinstitute.com/security-hacking-apps-android/?utm_source=newslett... Page 1 of 6 877.791.9571 Home Contributors Articles Mini Courses Downloads Courses Schedule About Download & Resources Sign up fro our newsletter to get the latest updates. SUBMIT Security and Hacking

More information

CTX-4100BI Citrix Presentation Server 4.5 and XenApp 5.0 for Windows Server 2003: Skills Update

CTX-4100BI Citrix Presentation Server 4.5 and XenApp 5.0 for Windows Server 2003: Skills Update CTX-4100BI Citrix Presentation Server 4.5 and XenApp 5.0 for Windows Server 2003: Skills Update Designed for experienced XenApp users, this course provides the foundation necessary to effectively deploy

More information

Android OBAD Technical Analysis Paper Comodo Malware Analysis Team July 20013

Android OBAD Technical Analysis Paper Comodo Malware Analysis Team July 20013 Technical Analysis Paper Comodo Malware Analysis Team July 20013 Emre TINAZTEPE Doğan KURT Alp GÜLEÇ Malware Analysis Team Lead R&D Engineer R&D Engineer July 2013 P a g e 1 Contents 1. Overview 3 2. Permissions

More information

Pentesting iphone Applications. Satishb3 http://www.securitylearn.net

Pentesting iphone Applications. Satishb3 http://www.securitylearn.net Pentesting iphone Applications Satishb3 http://www.securitylearn.net Agenda iphone App Basics App development App distribution Pentesting iphone Apps Methodology Areas of focus Major Mobile Threats Who

More information