Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus




Course description

This course focuses on the techniques and tools for testing the security of Android and iPhone mobile applications. During the course students learn about important topics such as the Android and iPhone security model, the emulator, how to perform static analysis, traffic manipulation, and dynamic analysis. By taking this course you will be able to perform penetration testing on Android mobile applications and expose potential vulnerabilities in the tested application.

The objectives of the course are:
- Understand the Android and iPhone application threat landscape
- Perform penetration testing on Android and iPhone mobile apps
- Identify vulnerabilities and exploit them
- Operate AppSec Labs' unique AppUse customized VM for Android pen-testing

Target audience

Members of the security / software development team:
- Security penetration testers
- Android developers
- iPhone / iOS developers

Prerequisites

Before attending this course, students should be familiar with:
- Common security concepts
- Java background and basic knowledge of the Android development platform
- C/C++ background
- Basic knowledge of the iOS development platform

In addition, participants must bring iPhone or iPad devices to the course.

Course topics

Day 1

Introduction to Android Security
- Top issues facing mobile apps
- What makes mobile security so different?
- Mobile malware
- The Android Linux OS security
- The Android security mechanisms
- Application file system isolation
- Database isolation
- The permission model
- LAB: Exploring the Android environment

The Android Penetration Testing Workspace
- The Android emulator
- Emulator vs. device testing
- The debug bridge
- LAB: The Android emulator
- Tools of the trade
- Using the AppUse ("Android Pen-test Platform Unified Standalone Environment") VM
- LAB: AppUse feature walkthrough

Android Application Static Analysis
- The APK file package
- Extracting file content
- Investigating layout, manifest, permissions and binaries
- Analyzing file system access
- LAB: Locating secrets in code & configuration files
- Investigating database & storage usage
- Identifying local SQL injections in SQLite
- LAB: Binary decompilation & disassembly

Day 2

Application Dynamic Analysis
- Debugging
- Setting breakpoints
- LAB: Manipulating client-side UI controls
- LAB: Bypassing authorization restrictions
- Memory analysis
- Memory dumps
- Patching & binary modifications
- LAB: Reverse engineering target applications

Traffic Manipulation
- Remote authentication
- Traffic interception
- Using proxies
- Bypassing server certificate validations
- LAB: Importing SSL certificates & trusted CAs
- Exposing insecure traffic
- LAB: Traffic manipulation using the AppUse VM

Day 3

Introduction to iPhone Security
- Top issues facing mobile apps
- What makes mobile security so different?
- Mobile malware
- iPhone OS security
- Built-in iOS security mechanisms
- Application file system isolation
- Database isolation
- The permission model
- LAB: Exploring the iPhone environment

The iPhone Penetration Testing Workspace
- The iOS emulator
- Simulator vs. device testing
- Jailbreaking the iPhone: enabling advanced features for PT purposes
- Command-line remote access
- Tools of the trade
- LAB: Working with the simulator vs. a real device

Application Static Analysis
- The file package
- Extracting file content
- Investigating binary content
- Data storage locations
- Analyzing file system access
- LAB: Locating secrets in code & configuration files
- Investigating database & storage usage
- Identifying local SQL injections in SQLite
- LAB: Binary decompilation & disassembly

Day 4

Application Dynamic Analysis
- Debugging
- Setting breakpoints
- LAB: Manipulating client-side UI controls
- LAB: Bypassing authorization restrictions
- Memory analysis
- Memory dumps
- Decrypting application content
- Patching & binary modifications
- LAB: Reverse engineering target applications

Traffic Manipulation
- Remote authentication
- Traffic interception
- Using proxies
- Bypassing server certificate validations
- LAB: Importing SSL certificates & trusted CAs
- Exposing insecure traffic
- LAB: Traffic manipulation