Mobile Application Penetration Testing

I.       Overview:

This course focuses on mobile application penetration testing. It demonstrates common techniques for extracting sensitive data from mobile applications, such as API keys, stored secrets, and Firebase databases, and provides a solid foundation for continuing a career as a mobile application penetration tester.

The course also includes a customized VM with pre-installed tools, which saves you the time of installing the multiple tools required for penetration testing of mobile applications.

  • Start from Android/iOS architecture basics.
  • Get a customized VM with pre-installed tools.
  • Automate the mobile application testing process.
  • Covers mobile application reverse engineering.
  • Practice on real-world mobile applications.
  • Build your own home lab on mobile application security.
  • Provides you the skills necessary to perform Penetration tests of mobile applications.
  • Automate the process of Mobile Testing
  • Cover OWASP Top 10 vulnerabilities
II.    Duration:

40 hours (5 days)

III. Benefits:

By the end of the program, participants will be able to:

  • Conduct static analysis of iOS and Android filesystem data to plunder compromised devices and extract sensitive mobile device use information
  • Conduct an automated security assessment of mobile applications
  • Conduct API security testing for mobile applications
  • Intercept and manipulate mobile device network activity
  • Leverage mobile-device-specific exploit frameworks to gain unauthorized access to target devices
IV. Who is this course for:
  • Penetration testers
  • Forensic analysts
  • Mobile App Developers
  • IT personnel
  • Anyone who has a personal or professional interest in attacking mobile applications.
  • Anyone who wants to start their career in Android security.
V.    Prerequisites:

The student should have:

  • A basic understanding of Web Application or API-based penetration testing
  • Some familiarity with Mobile Application platforms such as iOS and Android (like how to navigate to settings, install applications, etc.) is expected.
VI.  Course outlines:

1.      Environment setup

  • Android
    • Genymotion, Android Studio, Apktool, MobSF, Drozer, JADX
    • Inspeckage, adb, Frida
    • Root real device and virtual devices
  • iOS
    • Simulator (Xcode)
    • Emulator (Corellium)
    • Jailbreak real device.

2.      Mobile API Testing

  • Burp Suite
  • ZAP

3.      Mobile analysis

  • Static Analysis
  • Archive Analysis
  • Reverse Engineering
  • Local File Analysis
  • Network and Web Traffic
  • Dynamic Analysis
  • Inter-process Endpoint Analysis

4.      Mobile Checklist

  • Architecture, design and threat modelling
  • Data Storage and Privacy
  • Cryptography
  • Authentication and Session Management
  • Network Communication
  • Platform Interaction
  • Code Quality and Build Settings
  • Resiliency Against Reverse Engineering