Mobile Application Security and Penetration Testing Syllabus



Similar documents
SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Advanced ANDROID & ios Hands-on Exploitation

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications

Enterprise Application Security Workshop Series

Security Testing Guidelines for mobile Apps

Mobile Application Security Testing ASSESSMENT & CODE REVIEW

Pentesting iphone Applications. Satishb3

Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications

Pentesting Mobile Applications

CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001

OWASP NZ Day 2011 Testing Mobile Applications

Please Complete Speaker Feedback Surveys. SecurityTube.net

Penetration Testing for iphone Applications Part 1

Pentesting Android Apps. Sneha Rajguru

AppUse - Android Pentest Platform Unified

Pentesting Android Mobile Application

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York

Mobile Application Security: Who, How and Why

Security Vulnerabilities in 3rd-Party ios Applications

Penetration Testing Android Applications

Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application

Penetration Testing for iphone / ipad Applications

ios Testing Tools David Lindner Director of Mobile and IoT Security

Android Programming and Security

Android Security Evaluation Framework

Running a Program on an AVD

Android (in)security. Having fun with Android. Sarantis Makoudis

Pentesting iphone & ipad Apps Hack In Paris 2011 June 17

Securing ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH

Lab 4 In class Hands-on Android Debugging Tutorial

Blackbox Android. Breaking Enterprise Class Applications and Secure Containers. Marc Blanchou Mathew Solnik 10/13/

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved

The "Eclipse Classic" version is recommended. Otherwise, a Java or RCP version of Eclipse is recommended.

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant

Pentesting ios Apps Runtime Analysis and Manipulation. Andreas Kurtz

Attack and Penetration Testing 101

Mercury User Guide v1.1

Introduction to Android. CSG250 Wireless Networks Fall, 2008

Practical Attacks against Mobile Device Management Solutions

CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001

Deep Dive: PenTesting the Android and iphone

XenMobile Logs Collection Guide

Application Security Testing

Getting Started with Android Development

HP AppPulse Active. Software Version: 2.2. Real Device Monitoring For AppPulse Active

Università Degli Studi di Parma. Distributed Systems Group. Android Development. Lecture 1 Android SDK & Development Environment. Marco Picone

GOTO: H[a]CK. Practical ios Applications Hacking Mathieu RENARD mathieu.renard[-at-]gotohack.org mathieu.renard[-at-]sogeti.

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK

Pen Testing ios Apps

DiamondStream Data Security Policy Summary

Republic Polytechnic School of Information and Communications Technology C226 Operating System Concepts. Module Curriculum

ios applications reverse engineering Julien Bachmann

What else can you do with Android? Inside Android. Chris Simmonds. Embedded Linux Conference Europe Copyright 2010, 2net Limited.

Defending Behind The Device Mobile Application Risks

How To Test For Security On A Mobile Device

Information Security. Training

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

BYOD: End-to-End Security

Mobile Performance Management Tools Prasanna Gawade, Infosys April 2014

How to Install Applications (APK Files) on Your Android Phone

VMware Horizon Workspace Security Features WHITE PAPER

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Hello World. by Elliot Khazon

Table of Contents. Adding Build Targets to the SDK 8 The Android Developer Tools (ADT) Plug-in for Eclipse 9

Android Environment Emulator

Secure your ios applications and uncover hidden vulnerabilities by conducting penetration tests

2tre. Hacking ios Applications. GOTO: H[a]CK. Cliquez pour modifier le style des sous-titres du masque

The power of root on Android emulators

Android Development. Lecture AD 0 Android SDK & Development Environment. Università degli Studi di Parma. Mobile Application Development

Introduction to Android

Frequently Asked Questions Enterprise Mobile Manager

Android Development. Marc Mc Loughlin

BYOD Guidance: BlackBerry Secure Work Space

Securing Secure Browsers

ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY

Android vs. Apple ios Security Showdown Tom Eston

Fahim Uddin 1. Java SDK

Introduction to Android

Network Test Labs (NTL) Software Testing Services for igaming

Android Physical Extraction - FAQ

MASTER'S THESIS. Android Application Security with OWASP Mobile Top James King 2014

Reminders. Lab opens from today. Many students want to use the extra I/O pins on

The Incident Response Playbook for Android and ios

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

Mobile Device Penetration Testing Framework and Platform for the Mobile Device Security Course

Allow Installation from Unknown Sources

M100 System File Manager Help

Технологии Java. Android: Введение. Кузнецов Андрей Николаевич. Санкт-Петербургский Государственный Политехнический Университет

Tutorial on Basic Android Setup

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

BYOD AND NEXT- GENERATION MOBILE SECURITY

Legal notices. Legal notices. For legal notices, see

Transcription:

Mobile Application Security and Penetration Testing Syllabus Mobile Devices Overview 1.1. Mobile Platforms 1.1.1.Android 1.1.2.iOS 1.2. Why Mobile Security 1.3. Taxonomy of Security Threats 1.3.1.OWASP Top 10 Mobile Risks 1.3.2.Physical Security 1.3.3.Poor Keyboards 1.3.4.User Profiles 1.3.5.Web Browsing 1.3.6.Malwares 1.3.6.1. Malware History 1.3.6.2. Malware Spreading 1.3.7. Patching and Updating Day-1 Mobile OS Architectures and Security Model 2.1. Android 2.1.1.Android Architecture 2.1.2.Android Security Models 2.1.2.1. Privilege Separation and Sandboxing 2.1.2.2. File System Isolation 2.1.2.3. Storage and Database Isolation 2.1.2.4. Application Signing 2.1.2.5. Permission Model 2.1.2.6. Memory Management Security Enhancement 2.1.2.7. Components 2.1.2.8. Google Bouncer 2.1.3.Rooting Devices 2.2. ios 2.2.1.iOS Architecture 2.2.2.iOS Security Models 2.2.2.1. Privilege Separation 2.2.2.2. Sandbox

2.2.2.3. Code Signing 2.2.2.4. Keychain and Encryption 2.2.2.5. DEP/ASLR 2.2.2.6. Reduced OS 2.2.2.7. Security ios Overview 2.2.3.Jailbreaking Devices Day-2 Android- Setting up a Test Environment 3.1. Android SDK 3.1.1.Windows OS 3.1.2.Linux OS 3.2. Eclipse IDE 3.3. AVD and Actual Devices 3.3.1.Start AVD 3.3.2.Edit Virtual Devices Definitions 3.3.3.Create New Virtual Device 3.3.4.Run and Interact with Virtual Devices 3.3.5.Improve Virtual Devices Performance 3.3.6.Connect Actual Devices via USB 3.4. Interact with the Devices 3.4.1.Android Debug Bridge 3.4.1.1. List Devices 3.4.1.2. Gather Device Information 3.4.1.3. ADB Shell 3.4.1.4. Browse the Device 3.4.1.5. Read Databases 3.4.1.6. Move Files from/to the Device 3.4.1.7. Sqlite3 3.4.1.8. DDMS File Explorer 3.4.1.9. Mount Device Disk 3.4.1.10. Install / Uninstall Application with gdb 3.4.2.Install and Run Custom Application 3.4.3.BusyBox 3.4.4.SSH 3.4.5.VNC

ios- Setting up a Test Environment 4.1. ios SDK 4.1.1.Xcode IDE 4.1.2.iOS Simulator 4.1.3.Writing an ios App 4.2. ios Simulator and Xcode Limitations 4.3. File System and Device Interaction 4.3.1.Directory Structure 4.3.2.Plist Files 4.3.3.Databases 4.3.4.Logs and Cache Files 4.3.5.Browse Application Files and Folders 4.3.5.1. Plist 4.3.5.2. Databases 4.3.5.3. Library and Caches 4.3.5.4. Cookies.bynaricookies 4.3.6.Extract Files from Devices 4.3.7.Snapshots 4.3.8.Export Installed Apps 4.3.9.Install Applications 4.3.10. SSH Access 4.3.11. Xcode Organizer 4.4. Backups 4.5. Interact with Jailbroken Devices 4.5.1.SSH Access 4.5.1.1. Windows OS 4.5.1.2. Mac/Linux OS 4.5.1.3. SSH via cable (USB) 4.5.1.4. BigBoss Recommended Tools 4.5.2.SFTP (FTP via SSH) 4.5.3.Explorer Software 4.5.4.VNC 4.5.5.Run Apps without Developer Account

4.5.5.1. Don t code sign 4.5.5.2. Self-Signed Certificate 4.5.5.3. Create and Run Custom Apps 4.5.5.4. From.app to.ipa 4.5.6.Edit Existing Application Files 4.5.7.Keychain Dumper Day-3 Android-Reverse Engineering and Static Analysis 5.1. Decompiling and Disassembling.apk files 5.2. Smali 5.3. Decompile.apk to.jar files 5.4. From.jar to Source Code 5.5. Decompiling/Disassembling Overview 5.6. Labs 5.6.1.Locating Secrets 5.6.2.Bypassing Security Controls 5.7. Patching Binaries ios-reverse Engineering and Static Analysis 6.1..ipa and.app files 6.2. Plist 6.3. Decompiling ios Apps: Otools 6.4. Decompiling ios Apps: class-dump 6.5. Decompiling ios Apps: IDA 6.6. LAB 6.6.1.Locating Information 6.7. Patching ios Apps Simulator

Day-4 Android-Dynamic/Runtime Analysis 7.1. Debugging 7.2. LogCat 7.3. DDMS 7.4. Memory Analysis 7.4.1.DDMS 7.4.2.HPROF 7.4.3.Strings 7.4.4.Inspect HPROF Dump 7.4.5.MAT 7.5. IPC Mechanisms and App Components 7.5.1.Intents 7.5.2.Android Tools 7.5.2.1. Monkey 7.5.2.2. Activity Manager 7.5.2.3. LAB: Bypass Security Checks 7.5.3.Content Providers 7.5.3.1. Example #1 7.5.3.2. Example #2 7.5.3.3. Example #3 7.5.3.4. Query a Content Provider 7.5.3.5. Find the Correct URI 7.5.3.5.1. LAB: Content Providers Leakage 7.5.3.6. SQL Injection 7.5.3.6.1. LAB: SQL injection 7.5.3.7. Directory Traversal 7.5.4.SharedUID ios-dynamic/runtime Analysis

8.1. Manually Decrypt Applications Binaries 8.1.1.GDB 8.1.2.Ldid 8.1.3.Identify ASLR/PIE 8.1.4.Calculating Area to Dump 8.1.5.Attach GDB and Dump the Area 8.1.6.Mere the Dump 8.1.7.Edit cryptid values 8.1.7.1. MachOView 8.1.8.Debug/Run the App 8.2. Decrypt Applications Binaries: Clutch 8.3. Runtime Manipulation 8.3.1.Cycript 8.3.1.1. Install Cycript 8.3.1.2. Attach Cycript to a Process 8.3.1.3. Interact with Cycript 8.3.1.4. Pop up an Alert at runtime 8.3.1.5. Bypass the Lock Screen 8.3.1.6. Attack Custom Apps: LogMeIn 8.3.1.7. Attack Custom Apps: LogMeIn2 8.4. GDB 8.4.1.Objc_msgSend 8.4.2.ARMv6 Processor Registers 8.4.3.Runtime Analysis with GDB 8.4.4.Attack Applications with GDB Day-5 Android Network Analysis 9.1. Traffic Sniffing 9.2. Proxying Emulators and Actual Devices 9.3. Intercept Application and SSL Traffic 9.3.1.Intercept with Rooted Device and ProxyDroid 9.4. Traffic Manipulation ios Network Analysis 10.1. Traffic Sniffing 10.2. Proxying Simulators and Actual Devices 10.3. Proxying and Intercepting SSL Traffic: Charles 10.4. Proxying and Intercepting SSL Traffic: Burp 10.5. SSL Traffic on Actual Devices 10.5.1. Charles 10.5.2. Burp

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information