Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications

Transcription

1 Android & ios Application Vulnerability Assessment & Penetration Testing Training 2-Day hands on workshop on VAPT of Android & ios Applications

2 Course Title Workshop on VAPT of Android & ios Applications Course Description Introduces threats Android & ios security controls. Introduces on the Android & ios platform. Provides guidance on analyzing, reverse engineering, and decompiling Android applications. Provides guidance on jail breaking, static analysis, and dynamic analysis of ios. Malwares on ios Includes hands-on lab exercises on application development, penetration testing and reverse engineering an Android and ios Application. Delivery Type - Deep Dive Hands On Technology Workshop The course includes practical hands-on exercises that enable you to test your acquired skills during the workshop and understand its usage in a live environment. Participants will be required to come with their own laptops and internet connection Delivery Method Instructor led hands-on Workshop The team of instructor fly down to the premises of the organization to deliver the workshop Contact Hours of Training 12 Hours Number of Days 2 Days Number of Trainers 2 Practical: Theory Ratio 7:3 Ideal Batch Size 16 to 24 individuals 1

3 Course Objective At the end of this course, attendees will be able to: Identify specific threats and risks associated with the Android & ios mobile platform Perform Vulnerability Assessment on Android & ios platform. Perform a hands-on penetration test and reverse engineering an Android application Who Should Attend? Android & ios Application Developers IT & IT Security Professionals Mobile Application Vulnerability Analyst Mobility, Mobile Security & Operations Team Hands- On The course includes practical hands-on exercises that enable you to test your acquired skills during the workshop and understand its usage in a live environment. Take Away Lucideus Mobile Security Toolkit Practical Toolkit (DVD) with tools used during the workshop, white papers, and other support software Mobile Security Cook-Book Android Security Cook Book containing detailed specifics of the contents of the training Certification Participants will be evaluated at the end of the workshop and will be provided with Lucideus Certified Mobile Application Security Analyst (LCMASA) certificate if they score above 60% in the examination Each Participant will get the participation certificate. 2

4 Course Outline Day One 6 Hours INTRODUCTION Introduction & Lab Setup Introduction to Android Security Challenges to development Insecure Data Storage Weak Server Side Control Insufficient Transport Layer Protection Authorization & Authentication Session Handling Security Decisions Sensitive Information Disclosure Privilege Management & Escalation Android Permission Manager APK Permission Analysis Demonstration Security Countermeasure Android Security Forensics Data Storage Demonstration (Accessing User Data) Broken cryptography Analyzing, Reversing and Decompiling 2 Hours Unpacking APKs Decoding XML/Resource Files De-Compiling Android Executable Files Lab Reverse Engineering target applications Protecting app against reverse engineering Root Access in Android Introduction Demonstration 3

5 Course Outline Day Two 6 Hours History and Introduction ios User Base AppStore and it's Policy ios Version And Vulnerability History OWASP Top 10 Mobile Threats Common Application Threats OS Built-in Security Application Permission Model Jailbreaking What is Jailbreaking Cydia Tethered v/s Untethered Jailbreak Security Threats of Jailbreaking Static Analysis 1.5 Hours IPA file Architecture Decrypt the AppStore Application Dump and Investigate Class Headers Data Transmission Protocol Implemented Inspecting PLIST file Data Storage Inspection What Platform Provided Security Features Are Used Dynamic Analysis 2 Hours Bypassing Jailbreak Detection Data Stored in keychain and SQLite Database Memory Analysis Capturing Packet Data Traffic Interception Writing Binary Patching Tweaks Malwares Does ios Malware Exist? ios Malware History Exam 4

6 Lucideus has been featured in 5

7 Lucideus Headquarters New Delhi C-17, Safdarjung Development Area, Hauz Khas, New Delhi Lucideus Labs IIT Bombay 4th Floor, SINE KReSIT Building IIT Bombay, Powai Mumbai Lucideus Regional Office Ahmedabad 205, 2nd Floor Shree Balaji Heights, C.G. Road Ahmedabad Lucideus Regional Office Kolkata 390 A, Jodhpur Park, Kolkata [email protected] All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Lucideus. No part of this document may be reproduced in any form or by any means without the prior written authorization of Lucideus. While every precaution has been taken in the preparation of this document, Lucideus assumes no responsibility for errors or omissions.