With most of our digital lives now revolving around smartphones and tablets, mobile security has become a major concern. This course looks in depth at all aspects of mobile security. Beginning with risk assessment of mobile applications, we will examine the various dangers and threats that put our consumer and data privacy at risk. We cover real-world examples of security breaches, either of the smartphone security framework or by 3rd-party applications. Concepts of rooting/jailbreaking will be covered to show how 3rd-party apps can be installed on the device. The training also covers in detail the security frameworks of different mobile platforms such as Apple and Android, with an understanding of common threats and best security practices. Secure mobile application design strategies will be put forward to encourage programmers and developers to write secure code in their applications, making for robust and hardened apps. This will ensure the highest levels of security measures in the apps and, subsequently, peace of mind for the clients.
Who should attend?
- This course is aimed at security enthusiasts, IT professionals, and mobile application developers seeking to understand typical mobile application security issues in detail.
Android application security
- Introduction to Android
- Android Security Architecture
- What is ADB?
- Setting up Android Pentesting Environment (Genymotion)
- Android Applications Components
- Setting up a Burp proxy
- APK files in a nutshell
- Reversing Android applications
- Logging based Vulnerabilities
- Bypassing SSL pinning
- Leaking Content Providers
- Client Side Injections
- Read Based Content Providers Vulnerabilities
- Insecure Data Storage
- Broken Cryptography
- Android application interaction and Intent manipulation with Drozer
- Exploiting Android devices with Metasploit
- Testing for the OWASP Top 10 of Mobile Applications:
  - Improper Platform Usage
  - Insecure Data Storage
  - Insecure Communication
  - Insecure Authentication
  - Insufficient Cryptography
  - Insecure Authorization
  - Client Code Quality
  - Code Tampering
  - Reverse Engineering
  - Extraneous Functionality
- MVC And Event Driven Architecture
- ARM Processor
- iOS Security Mechanisms:
  - Security Architecture
  - Secure Boot Chain
  - Loading Trusted Applications
  - Application Isolation
  - Data Encryption
  - Network Security
- Logging into your Jailbroken Device
- Tools to install
- SQLite Databases
- Plist Files
- Runtime Analysis with Cycript
- Lifecycle of an Application
- Cycript + Class-dump-Z
- Decrypting Applications:
- Runtime Analysis with GDB
- Data Storage and security
- SQLite Data Files
- Core Data Services
- Cached Data
- Monitoring Network Communications
- Backend Web Services Attack
- Authentication Authorization and Session Management Attacks
- XML Parsing Bugs
- Improper Encryption
- Directory Traversal Attacks
- Insecurity due to underlying C
- UDID Privacy Concerns
- Application Fuzzing
- Anti-Anti Piracy with GDB
- Mobile Substrate
Faculty has good trainers. Yes, the course met its objective.
Bhushan Jeevan Rane, Assistant Manager – SHCIL
Faculty has delivered the content clearly. He has a good subject knowledge.
Mukesh Lokre, Information Security Analyst – Travelex
Faculty has excellent knowledge on Mobile testing & has delivered it very well. Yes, the course met its objective.
Information Security Analyst – Travelex
Very impressive, knowledgeable, technically sound & skilled trainers.
Chinmay Dhawale, Information Security Analyst – Travelex
Faculty has good understanding of the subject & well versed with testing methodologies. Yes the course was helpful in giving an insight into mobile application test, how to get it started & tested.
Priyanka Sovasaria, Information Security Analyst – Travelex
Faculty is good & has explained the topics very well.
Shital Ranadive, Info Security Analyst – IDBI Intech Ltd
Faculty has in-depth knowledge & experience on security vulneralisation.
Vinay Kumar, Asst. Professor (Vasavi College Of Engineering)
Faculty is excellent.
Vaibhav Jindal, Project Manager (Bharti Axa Life)
Faculty has demonstrated the topic pretty well and the hands-on training was very helpful.
Abhijay Singh, Analyst (IDBI Intech)