Certified Mobile Security Professional: Android

Quorse - Your Training Wholesaler

  • All courses are HDRF Claimable

Private Class from 3000/day (3 Days)

BENEFITS

This course enables security professionals and Android developers to understand the OWASP Mobile Top 10 security issues and the common mistakes mobile programmers make that lead to vulnerabilities and attacks. It also covers how to test your mobile applications with real attacker methodologies (manual hacking) and tools, so that you can find the vulnerabilities and fix or harden them before your application or infrastructure is attacked.


Course certificate is issued by Kaapagam and Cyber Security Malaysia

WHAT YOU WILL LEARN

A mobile device in every user's hand extends the attack surface deep into your organisation, and because these devices store sensitive corporate data, mobile applications are one of the easiest paths for data leakage. Smart mobile devices are part of everyone's life and infrastructure, and users rely on them for many business activities every day. How many of us in IT and IT security know how to assess the security exposure and risk introduced by these devices and the applications that run on them? This course takes a deep dive into the Android architecture and into evaluating the security posture of the applications that run on Android, including mobile banking apps.

AUDIENCE

IT managers, IT security officers, system administrators, network administrators, developers, security posture assessors and pentesters, IT security auditors, and anyone concerned with deploying or managing mobile applications in the enterprise

METHODOLOGY

  • 90% Hands on Lab Exercises
  • In-depth knowledge from an experienced trainer
  • A complete project with VAPT Report

Module 1 - Introduction to Android Security and the OWASP Mobile Top 10
  • Introduction to Android
  • Android OS
  • Android Architecture
  • Android Application & Components
  • Android Security Model
  • Introduction to the OWASP Mobile Top 10 (the 2014 list)
    • M1 : Weak Server Side Controls
    • M2 : Insecure Data Storage
    • M3 : Insufficient Transport Layer Protection
    • M4 : Unintended Data Leakage
    • M5 : Poor Authorization and Authentication
    • M6 : Broken Cryptography
    • M7 : Client Side Injection
    • M8 : Security Decisions Via Untrusted Inputs
    • M9 : Improper Session Handling
    • M10 : Lack of Binary Protections
Module 2 - Setup Android Pentest Lab and Rooting
  • Installing Android Studio
  • Android Emulator
  • Root Privilege
  • Creating “Hello World” Android Application
  • Android Debug Bridge (ADB)
  • Shell Commands
  • Activity Manager (AM)
  • Package Manager (PM)
  • OWASP Mobile Security Project – MobiSec
  • Kali Configuration
  • Installing & Configuring Santoku OS
  • APK & Dex2Jar
  • Proxy Tools
  • Drozer
Module 3 - Android Application Reverse Engineering
  • Digging into Android App
  • Android Package Files (APKs) and Unpacking APKs
  • Inspecting application certificates and signatures
  • How to verify application signature (Tamper Protection)
  • AndroidManifest.xml Inspection
  • Decoding XML/Resource Files
  • Decompiling Android Executable Files
  • Interacting with the activity manager via ADB
  • Local file inclusion
  • Client-side injection attacks
  • Lack of Binary Protections
  • Source Code Review
  • Securing application components
  • Protecting components with custom permissions
  • Protecting content provider paths
  • Debugging Android processes with gdbserver
  • Tamper protection by detecting the installer, emulator, and debug flag
  • Removing all log messages with ProGuard
  • Advanced code obfuscation with DexGuard
  • Exploiting Debugging Application
  • Auditing Android Applications
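The following is an added illustration for this module and is not course material or code from Kaapagam: the runtime self-checks the tamper-protection bullets describe (signing certificate fingerprint, debug flag, installer package, emulator heuristics) written as a small Android helper. The expected fingerprint, the Play Store package name constant and the class name are assumptions for the example; the fingerprint is a placeholder that would be replaced with the value printed by `apksigner verify --print-certs app-release.apk`.

```java
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Runtime tamper checks of the kind Module 3 lists. Added example, not course or vendor code. */
public final class TamperChecks {

    // Assumption: SHA-256 of the release signing certificate (hex, no colons), e.g. as printed by
    // `apksigner verify --print-certs`. Placeholder value; substitute the real one at build time.
    private static final String EXPECTED_CERT_SHA256 =
            "0000000000000000000000000000000000000000000000000000000000000000";

    // Package name of the Google Play Store installer.
    private static final String PLAY_STORE = "com.android.vending";

    private TamperChecks() {}

    /** True only when every signer of the running APK matches the expected certificate. */
    public static boolean signatureMatches(Context ctx) {
        try {
            PackageManager pm = ctx.getPackageManager();
            Signature[] signers;
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                PackageInfo info = pm.getPackageInfo(ctx.getPackageName(),
                        PackageManager.GET_SIGNING_CERTIFICATES);
                signers = info.signingInfo.getApkContentsSigners();
            } else {
                @SuppressWarnings("deprecation")
                PackageInfo info = pm.getPackageInfo(ctx.getPackageName(),
                        PackageManager.GET_SIGNATURES);
                signers = info.signatures;
            }
            if (signers == null || signers.length == 0) {
                return false;
            }
            // A repackaged APK has to be re-signed with the attacker's key, which changes the
            // certificate fingerprint; compare every signer, not just the first.
            for (Signature s : signers) {
                if (!EXPECTED_CERT_SHA256.equalsIgnoreCase(sha256Hex(s.toByteArray()))) {
                    return false;
                }
            }
            return true;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false;
        }
    }

    /** True when the APK was built with android:debuggable="true" (a debugger can attach). */
    public static boolean isDebuggable(Context ctx) {
        return (ctx.getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
    }

    /** True when the Play Store installed this app; side-loaded or adb-installed copies fail. */
    public static boolean installedFromPlayStore(Context ctx) {
        PackageManager pm = ctx.getPackageManager();
        String installer;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
            try {
                installer = pm.getInstallSourceInfo(ctx.getPackageName()).getInstallingPackageName();
            } catch (PackageManager.NameNotFoundException e) {
                return false;
            }
        } else {
            @SuppressWarnings("deprecation")
            String legacy = pm.getInstallerPackageName(ctx.getPackageName());
            installer = legacy;
        }
        return PLAY_STORE.equals(installer);
    }

    /** Heuristic emulator detection from Build properties (stock emulator images, Genymotion). */
    public static boolean looksLikeEmulator() {
        return Build.FINGERPRINT.startsWith("generic")
                || Build.FINGERPRINT.startsWith("unknown")
                || Build.HARDWARE.contains("goldfish")
                || Build.HARDWARE.contains("ranchu")
                || Build.MODEL.contains("google_sdk")
                || Build.MODEL.contains("Emulator")
                || Build.MODEL.contains("Android SDK built for x86")
                || Build.MANUFACTURER.contains("Genymotion")
                || Build.PRODUCT.contains("sdk");
    }

    /** Single decision point for the caller (e.g. refuse to show sensitive screens). */
    public static boolean environmentIsTrusted(Context ctx) {
        return signatureMatches(ctx) && !isDebuggable(ctx)
                && installedFromPlayStore(ctx) && !looksLikeEmulator();
    }

    private static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```

The caveat a tester should keep in mind is the one this module teaches from the other side: every check above runs inside the process being attacked, so once the APK is decompiled the comparisons can be patched out or hooked, and the emulator heuristics are matched against strings the emulator itself reports. They raise the cost of tampering rather than prevent it, and a banking app would pair them with obfuscation (ProGuard/DexGuard, as listed above) and a server-side attestation decision.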
Module 4 - Intercepting Android Traffic
  • Passive & Active analysis
  • Network Sniffing & Extracting Sensitive Data
  • HTTP/S Proxy Interception
  • Unsafe sensitive data transmission
  • Insufficient Transport Layer Protection
  • Unintended Data Leakage
  • Broken Cryptography
  • Improper Session Handling
  • HTTPS and SSL
  • Path traversal vulnerability
Module 5 - Input Validation
  • SQLite in Depth
  • SQL injection : Attacks & Defences
  • Cross-Site Scripting
  • Other Untrusted Input
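As an added illustration for this module (not course material or code from Kaapagam), the SQL injection bullet written out against Android's SQLite API: a query that concatenates user input, the same query with bound parameters, and a content-provider query guarded with SQLiteQueryBuilder in strict mode. The table name, schema, class name and the `notes` columns are assumptions for the example.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteQueryBuilder;

import java.util.HashMap;
import java.util.Map;

/** SQLite injection: vulnerable query beside the parameterised form. Added example, not course code. */
public final class NoteStore {

    // Assumed schema: notes(id INTEGER PRIMARY KEY, owner TEXT, title TEXT, body TEXT)
    private static final String TABLE = "notes";
    private final SQLiteDatabase db;

    public NoteStore(SQLiteDatabase db) {
        this.db = db;
    }

    /**
     * VULNERABLE: the search term is concatenated into the statement text.
     * A term of     x%' OR 1=1 --      makes the WHERE clause true for every row of every owner,
     * and           x%' UNION SELECT 1, name, sql FROM sqlite_master --
     * appends the schema of every table to the result set.
     */
    public Cursor searchVulnerable(String owner, String term) {
        String sql = "SELECT id, title, body FROM " + TABLE
                + " WHERE owner = '" + owner + "' AND title LIKE '%" + term + "%'";
        return db.rawQuery(sql, null);
    }

    /** FIXED: bound parameters are passed separately from the SQL text, whatever they contain. */
    public Cursor search(String owner, String term) {
        return db.rawQuery(
                "SELECT id, title, body FROM " + TABLE
                        + " WHERE owner = ? AND title LIKE ? ESCAPE '\\'",
                new String[] { owner, "%" + escapeLike(term) + "%" });
    }

    /** Escape LIKE metacharacters so a user typing % or _ gets a literal match, not a wildcard. */
    static String escapeLike(String s) {
        return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
    }

    /**
     * In ContentProvider.query() the selection string itself comes from the calling app
     * (Drozer's app.provider.query sets it directly), so binding arguments is not enough.
     * Strict mode makes SQLiteQueryBuilder validate the selection before running it, and the
     * projection map limits the columns a caller can name.
     */
    public Cursor providerQuery(String[] projection, String selection, String[] selectionArgs) {
        SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
        qb.setTables(TABLE);
        Map<String, String> columns = new HashMap<>();
        columns.put("id", "id");
        columns.put("title", "title");
        columns.put("body", "body");
        qb.setProjectionMap(columns);
        qb.setStrict(true);
        return qb.query(db, projection, selection, selectionArgs, null, null, null);
    }
}
```

Note that `rawQuery` executes a single statement, so stacked queries (`'; DROP TABLE ...`) do not work here; the practical impact of the vulnerable form is reading rows that belong to other users and dumping the schema. The provider-side fix is only half of the story: the provider also needs to be unexported or protected by a permission in the manifest, which is the subject of "Protecting content provider paths" in Module 3.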
Module 6 - Cross-Application Scripting and Server Side
  • Weak Server Side Controls
  • WebView vulnerability
  • Using WebView in the application
  • Infecting legitimate APKs
  • Vulnerabilities in ad libraries
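As an added illustration for the WebView bullets (not course material or code from Kaapagam), a WebView configured the way vulnerable apps commonly ship it, beside a hardened configuration that limits navigation to one https origin. The allowed host, class names and the `Bridge` interface are assumptions for the example; the hardened `shouldOverrideUrlLoading` override assumes API level 24 or higher.

```java
import android.content.Context;
import android.net.Uri;
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.Toast;

/** WebView: a vulnerable setup beside a hardened one. Added example, not course code. */
public final class WebViewSetup {

    // Assumption: the only origin this WebView is meant to render.
    private static final String ALLOWED_HOST = "app.example.com";

    /** Bridge object exposed to page JavaScript. */
    public static final class Bridge {
        private final Context ctx;
        Bridge(Context ctx) { this.ctx = ctx; }

        // On API 17+ only annotated methods are callable from JS. Before API 17 every public
        // method of the object (getClass() included) was reachable through reflection.
        @JavascriptInterface
        public void showToast(String msg) {
            Toast.makeText(ctx, msg, Toast.LENGTH_SHORT).show();
        }
    }

    /** VULNERABLE: JS on, file access wide open, bridge exposed, URL taken from an Intent. */
    @SuppressWarnings("deprecation")
    public static void configureVulnerable(WebView wv, String urlFromIntent) {
        WebSettings s = wv.getSettings();
        s.setJavaScriptEnabled(true);
        s.setAllowFileAccess(true);                  // file:// URLs may be loaded
        s.setAllowFileAccessFromFileURLs(true);      // a file:// page may read other local files...
        s.setAllowUniversalAccessFromFileURLs(true); // ...and send them to any origin
        wv.addJavascriptInterface(new Bridge(wv.getContext()), "android");
        // If the activity is exported, any app can supply this URL (a file:// path or an
        // attacker's site), and its JavaScript reaches the bridge with this app's permissions.
        wv.loadUrl(urlFromIntent);
    }

    /** HARDENED: minimal settings, no bridge, navigation restricted to one https origin. */
    @SuppressWarnings("deprecation")
    public static void configureHardened(WebView wv, String urlFromIntent) {
        WebSettings s = wv.getSettings();
        s.setJavaScriptEnabled(true);                // keep false unless the page needs it
        s.setAllowFileAccess(false);
        s.setAllowContentAccess(false);              // no content:// loads from providers
        s.setAllowFileAccessFromFileURLs(false);
        s.setAllowUniversalAccessFromFileURLs(false);
        s.setMixedContentMode(WebSettings.MIXED_CONTENT_NEVER_ALLOW);
        WebView.setWebContentsDebuggingEnabled(false); // no remote inspection of release builds
        wv.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                // Returning true blocks the navigation; redirects off the allowed origin stop here.
                return !isAllowed(request.getUrl());
            }
        });
        Uri target = Uri.parse(urlFromIntent);
        if (!isAllowed(target)) {
            return;  // refuse anything but https://ALLOWED_HOST/...
        }
        wv.loadUrl(target.toString());
    }

    /** Scheme and host allow-list; http, file, javascript and content URLs are all rejected. */
    static boolean isAllowed(Uri u) {
        return u != null
                && "https".equalsIgnoreCase(u.getScheme())
                && ALLOWED_HOST.equalsIgnoreCase(u.getHost());
    }
}
```

When testing, the vulnerable shape is recognisable from the decompiled code alone (Module 3): look for `addJavascriptInterface`, `setAllowUniversalAccessFromFileURLs(true)` and a `loadUrl` whose argument traces back to `getIntent()`. Whether the hosting activity is exported in AndroidManifest.xml decides whether another app can reach it.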
Module 7 - Social Engineering
  • Social Engineering Toolkit (SET)
  • Remote Connection
  • Key Logger
  • Data Stealth
Module 8 - Vulnerability Assessment & Penetration Testing
  • Tools for Vulnerability Assessment and Penetration Testing of Android Phones and Apps
    • Drozer
  • Penetration Testing with Android Phones
    • zANTI Enterprise Mobile Risk Assessment
    • Kali
  • Vulnerability Assessment & Penetration Testing Report
