Mobile Application Security and Penetration Testing Syllabus

Size: px

Start display at page:

Download "Mobile Application Security and Penetration Testing Syllabus"

Douglas Pope
10 years ago
Views:

1 Mobile Application Security and Penetration Testing Syllabus Mobile Devices Overview 1.1. Mobile Platforms Android iOS 1.2. Why Mobile Security 1.3. Taxonomy of Security Threats OWASP Top 10 Mobile Risks Physical Security Poor Keyboards User Profiles Web Browsing Malwares Malware History Malware Spreading Patching and Updating Day-1 Mobile OS Architectures and Security Model 2.1. Android Android Architecture Android Security Models Privilege Separation and Sandboxing File System Isolation Storage and Database Isolation Application Signing Permission Model Memory Management Security Enhancement Components Google Bouncer Rooting Devices 2.2. ios iOS Architecture iOS Security Models Privilege Separation Sandbox

Patching and Updating Day-1 Mobile OS Architectures and Security Model 2.1. Android 2.1.1.Android Architecture 2.1.2.Android Security Models 2.1.2.1. Privilege Separation and Sandboxing 2.1.2.2. File System Isolation 2.

2 Code Signing Keychain and Encryption DEP/ASLR Reduced OS Security ios Overview Jailbreaking Devices Day-2 Android- Setting up a Test Environment 3.1. Android SDK Windows OS Linux OS 3.2. Eclipse IDE 3.3. AVD and Actual Devices Start AVD Edit Virtual Devices Definitions Create New Virtual Device Run and Interact with Virtual Devices Improve Virtual Devices Performance Connect Actual Devices via USB 3.4. Interact with the Devices Android Debug Bridge List Devices Gather Device Information ADB Shell Browse the Device Read Databases Move Files from/to the Device Sqlite DDMS File Explorer Mount Device Disk Install / Uninstall Application with gdb Install and Run Custom Application BusyBox SSH VNC

Run and Interact with Virtual Devices 3.3.5.Improve Virtual Devices Performance 3.3.6.Connect Actual Devices via USB 3.4. Interact with the Devices 3.4.1.Android Debug Bridge 3.4.1.1. List Devices 3.

3 ios- Setting up a Test Environment 4.1. ios SDK Xcode IDE iOS Simulator Writing an ios App 4.2. ios Simulator and Xcode Limitations 4.3. File System and Device Interaction Directory Structure Plist Files Databases Logs and Cache Files Browse Application Files and Folders Plist Databases Library and Caches Cookies.bynaricookies Extract Files from Devices Snapshots Export Installed Apps Install Applications SSH Access Xcode Organizer 4.4. Backups 4.5. Interact with Jailbroken Devices SSH Access Windows OS Mac/Linux OS SSH via cable (USB) BigBoss Recommended Tools SFTP (FTP via SSH) Explorer Software VNC Run Apps without Developer Account

Extract Files from Devices 4.3.7.Snapshots 4.3.8.Export Installed Apps 4.3.9.Install Applications 4.3.10. SSH Access 4.3.11. Xcode Organizer 4.4. Backups 4.5. Interact with Jailbroken Devices 4.5.1.SSH Access 4.5.1.1. Windows OS 4.

4 Don t code sign Self-Signed Certificate Create and Run Custom Apps From.app to.ipa Edit Existing Application Files Keychain Dumper Day-3 Android-Reverse Engineering and Static Analysis 5.1. Decompiling and Disassembling.apk files 5.2. Smali 5.3. Decompile.apk to.jar files 5.4. From.jar to Source Code 5.5. Decompiling/Disassembling Overview 5.6. Labs Locating Secrets Bypassing Security Controls 5.7. Patching Binaries ios-reverse Engineering and Static Analysis 6.1..ipa and.app files 6.2. Plist 6.3. Decompiling ios Apps: Otools 6.4. Decompiling ios Apps: class-dump 6.5. Decompiling ios Apps: IDA 6.6. LAB Locating Information 6.7. Patching ios Apps Simulator

jar to Source Code 5.5. Decompiling/Disassembling Overview 5.6. Labs 5.6.1.Locating Secrets 5.6.2.Bypassing Security Controls 5.7.

5 Day-4 Android-Dynamic/Runtime Analysis 7.1. Debugging 7.2. LogCat 7.3. DDMS 7.4. Memory Analysis DDMS HPROF Strings Inspect HPROF Dump MAT 7.5. IPC Mechanisms and App Components Intents Android Tools Monkey Activity Manager LAB: Bypass Security Checks Content Providers Example # Example # Example # Query a Content Provider Find the Correct URI LAB: Content Providers Leakage SQL Injection LAB: SQL injection Directory Traversal SharedUID ios-dynamic/runtime Analysis

LAB: Bypass Security Checks 7.5.3.Content Providers 7.5.3.1. Example #1 7.5.3.2. Example #2 7.5.3.3. Example #3 7.5.3.4. Query a Content Provider 7.5.3.5. Find the Correct URI 7.

6 8.1. Manually Decrypt Applications Binaries GDB Ldid Identify ASLR/PIE Calculating Area to Dump Attach GDB and Dump the Area Mere the Dump Edit cryptid values MachOView Debug/Run the App 8.2. Decrypt Applications Binaries: Clutch 8.3. Runtime Manipulation Cycript Install Cycript Attach Cycript to a Process Interact with Cycript Pop up an Alert at runtime Bypass the Lock Screen Attack Custom Apps: LogMeIn Attack Custom Apps: LogMeIn GDB Objc_msgSend ARMv6 Processor Registers Runtime Analysis with GDB Attack Applications with GDB Day-5 Android Network Analysis 9.1. Traffic Sniffing 9.2. Proxying Emulators and Actual Devices 9.3. Intercept Application and SSL Traffic Intercept with Rooted Device and ProxyDroid 9.4. Traffic Manipulation ios Network Analysis Traffic Sniffing Proxying Simulators and Actual Devices Proxying and Intercepting SSL Traffic: Charles Proxying and Intercepting SSL Traffic: Burp SSL Traffic on Actual Devices Charles Burp

3.1.3. Interact with Cycript 8.3.1.4. Pop up an Alert at runtime 8.3.1.5. Bypass the Lock Screen 8.3.1.6. Attack Custom Apps: LogMeIn 8.3.1.7. Attack Custom Apps: LogMeIn2 8.4. GDB 8.4.1.Objc_msgSend 8.

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules Must have skills in any penetration tester's arsenal. MASPT at a glance: 10 highly practical modules 4 hours of video material 1200+ interactive slides 20 Applications to practice with Leads to emapt certification