Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus



Similar documents
Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules

Mobile Application Security and Penetration Testing Syllabus

Security Testing Guidelines for mobile Apps

Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications

Advanced ANDROID & ios Hands-on Exploitation

Enterprise Application Security Workshop Series

Application Security Testing

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications

Pentesting iphone Applications. Satishb3

Pentesting Mobile Applications

Learn the fundamentals of Software Development and Hacking of the iphone Operating System.

Penetration Testing for iphone Applications Part 1

Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application

OWASP Mobile Top Ten 2014 Meet the New Addition

CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001

Mobile Application Security Testing ASSESSMENT & CODE REVIEW

Securing ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved

elearning for Secure Application Development

Mobile Security Framework

Pentesting iphone & ipad Apps Hack In Paris 2011 June 17

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

Learning Course Curriculum

Rational AppScan & Ounce Products

ios Testing Tools David Lindner Director of Mobile and IoT Security

Secure your ios applications and uncover hidden vulnerabilities by conducting penetration tests

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

AGENDA. Background. The Attack Surface. Case Studies. Binary Protections. Bypasses. Conclusions

Elevation of Mobile Security Risks in the Enterprise Threat Landscape

Workday Mobile Security FAQ

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant

Information Security. Training

A Taste of SANS SEC575 Part I: Invasion of the Mobile Phone Snatchers

Pentesting ios Apps Runtime Analysis and Manipulation. Andreas Kurtz

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

SAST, DAST and Vulnerability Assessments, = 4

Pen Testing ios Apps

Standard: Web Application Development

How To Protect A Web Application From Attack From A Trusted Environment

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

ASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus

SECURING MOBILE APPLICATIONS

Network Test Labs (NTL) Software Testing Services for igaming

<Insert Picture Here> Oracle Web Cache 11g Overview

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Please Complete Speaker Feedback Surveys. SecurityTube.net

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

labs Attacking JAVA Serialized Communication By: Manish S. Saindane

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

AppUse - Android Pentest Platform Unified

Security Evaluation CLX.Sentinel

Lecture 11 Web Application Security (part 1)

Project X Mass interception of encrypted connections

Learn Ethical Hacking, Become a Pentester

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

Administering Jive Mobile Apps

Pentesting Android Apps. Sneha Rajguru

eeye Digital Security Product Training

What is Web Security? Motivation

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

BYOD Guidance: BlackBerry Secure Work Space

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Architecture of Enterprise Mobile Apps

Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Passing PCI Compliance How to Address the Application Security Mandates

CTX-4100BI Citrix Presentation Server 4.5 and XenApp 5.0 for Windows Server 2003: Skills Update

Excellence Doesn t Need a Certificate. Be an. Believe in You AMIGOSEC Consulting Private Limited

Essential IT Security Testing

Security Vulnerabilities in 3rd-Party ios Applications

MS-55096: Securing Data on Microsoft SQL Server 2012

End User Devices Security Guidance: Apple OS X 10.10

Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges

Thick Client Application Security

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Mobile Application Security: Who, How and Why

Blackbox Android. Breaking Enterprise Class Applications and Secure Containers. Marc Blanchou Mathew Solnik 10/13/

PENTEST. Pentest Services. VoIP & Web.

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Penetration Testing with Kali Linux

Professional Penetration Testing Techniques and Vulnerability Assessment ...

The Top Web Application Attacks: Are you vulnerable?

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Designing and Coding Secure Systems

Penetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015

Trainer Preparation Guide for Course 10174A: Configuring and Administering Microsoft SharePoint 2010

Mobile Application Security

Introduction to Penetration Testing Graham Weston

Protect Your Business and Customers from Online Fraud

BYOD AND NEXT- GENERATION MOBILE SECURITY

SharePoint 2010

Network Security Audit. Vulnerability Assessment (VA)

Guideline on Safe BYOD Management

Transcription:

Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus

Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing the security of Android and ios mobile applications. During this course the students will learn about important topics such as the Android and ios Security model, the emulator, how to perform static analysis, traffic manipulation, and dynamic analysis. By taking this course you will be able to perform penetration testing on Android mobile applications and expose potential vulnerabilities in the tested application. The objectives of the course are: Understand the Android and ios application threat landscape Perform penetration testing on Android and ios mobile apps Identify vulnerabilities and exploit them Operate AppSec Labs' unique inalyzer customized VM for ios pen-testing Target audience Members of the security / software development team: Security penetration testers ios / ios developers Prerequisites Before attending this course, students should be familiar with: Common security concepts C/C++ background Basic knowledge of the ios development platform In addition, participants must bring ios or ipad 5.0 and above devices to the course. 1 P a g e

Course topics Day 1 Introduction to ios Security Welcome to ios What makes mobile security so different? OWASP Top 10 Mobile What is ios? ios Device Architecture ios Security Model ios File System isolation Application Sandbox The ios Pen-Testing Environment Lab Setup overview Device Setup Jailbreaking ios Cydia Installations Laptop Installation AppSec-Labs inalyzer LAB: Exploring the ios environment Application Static Analysis The need for Static Analysis Sources for Static Analysis The IPA file package IPA file deployment on device IPA manual file installation The CodeResources file Anti tampering configuration Tampering with IPA Content Investigating the Application contents View Controllers Investigating Info.plist file Listing all CFUR types on a device Investigating Binary URI Strings Investigating Binary Parameters usage Investigating Binary Encryption ios Binary Application Structure Encryption 2 P a g e

Day 2 Decrypting Binary - concept Static analysis of a decrypted Binary Investigating binary content Reversing Interfaces: Using inalyzer for static analysis LAB: Binary Static Analysis manual and automated Application Storage Analysis Application Storage Analysis File System access security File System Data Protection Class File System access Application storages Property list files (.plist) Tampering with Property list files (.plist) Investigating Plist files plutil. Database files (.db/.sqlite) Snapshots Storage Persistent Cookies Investigating Logs Keyboard Cache Cryptographic failures Keychain access inalyzer Storage Snapshot Summary Traffic Manipulation Traffic Analysis and Manipulation Common architecture Bad Session Management Phone identifiers used in authentication Credentials leakage Client information sent to advertisement/analytics server Server side vulnerabilities Sniffing Traffic Traffic interception SSL obstacles 3 P a g e

Day 3 Importing SSL certificates & trusted CA's Bypassing server certificate validations LAB: Traffic manipulation Temporary runtime manipulation Temporary Runtime Manipulation Why do we need temporary runtime manipulation? Temporary runtime manipulation tools Objective C class interposing Runtime manipulation with Cycript Cycript: as a Tampering tool Runtime manipulation with inalyzer Dashboard LAB: ObjC and runtime manipulation using inalyzer and cycript Persistent runtime manipulation Persistent Runtime Manipulation Means of persistent manipulation Persistent runtime manipulation technique Persistent runtime manipulation - backstage Persistent runtime manipulation frameworks Theos Injection Framework inalyzer header dump inalyzer class dump reference Reversing ios Binary IDA Pro Remote debugging with GDB Summary LAB: Persistent runtime manipulation using inalyzer IDA Theos and cycript 4 P a g e

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information