Certified Android Mobile Security | IT Training & Certification | Info Trek

Format
  1. 3 Days

WHAT YOU WILL LEARN

This course enables security professionals and Android developers to understand the OWASP Top 10 mobile security issues and the common mistakes mobile programmers make that lead to vulnerabilities and attacks. It also covers how to test your mobile applications using real hacker methodologies (manual hacking) and tools, so that you can find vulnerabilities and fix or harden them before an attack on your application or infrastructure.

AUDIENCE

IT Managers, IT Security Officers, System Administrators, Network administrators, Developers, Security Posture Assessors & Pentesters, IT Security Auditors and anyone who is concerned about deploying or managing Mobile Applications in the Enterprise

METHODOLOGY

This program will be conducted with interactive lectures, PowerPoint presentations, discussions and practical exercises


Modules

Module 1: Introduction of Android Security and Top 10 OWASP Mobile Security Issues

• Introduction to Android

• Android OS
• Android Architecture
• Android Application & Components
• Android Security Model
• Secure Development Life Cycle
• Introduction of Top 10 OWASP Mobile Security Issues
o Weak Server Side Controls
o Insecure Data Storage
o Insufficient Transport Layer Protection
o Unintended Data Leakage
o Poor Authorization and Authentication
o Broken Cryptography
o Client Side Injection
o Security Decisions Via Untrusted Inputs
o Improper Session Handling
o Lack of Binary Protections

Module 2: Setup Android Pentest Lab and Rooting

• Installing Android Studio

• Android Emulator

• Root Privilege

• Creating “Hello World” Android Application

• Android Debug Bridge (ADB)

• Shell Commands

• Activity Manager (AM)

• Package Manager (PM)

• OWASP Mobile Security Project – MobiSec

• Kali Configuration

• Installing & Configuring Santoku OS

• APK & Dex2Jar

• Proxy Tools

• Drozer


Module 3: Android Application Reverse Engineering

• Digging into Android App

• Android Package Files (APKs) and Unpacking APKs

• Inspecting application certificates and signatures

• How to verify application signature (Tamper Protection)

• AndroidManifest.xml Inspection

• Decoding XML/Resource Files

• Decompiling Android Executable Files

• Interacting with the activity manager via ADB

• Local file inclusion

• Client-side injection attacks

• Lack of Binary Protections

• Source Code Review

• Securing application components

• Protecting components with custom permissions

• Protecting content provider paths

• Debugging the Android processes using the GDB server

• Tamper protection by detecting the installer, emulator, and debug flag

• Removing all log messages with ProGuard

• Advanced code obfuscation with DexGuard

• Exploiting Debugging Application

• Auditing Android Applications


Module 4: Intercepting Android Traffic

• Passive & Active analysis

• Network Sniffing & Extracting Sensitive Data

• HTTP/S Proxy Interception

• Unsafe sensitive data transmission

• Insufficient Transport Layer Protection

• Unintended Data Leakage

• Broken Cryptography

• Improper Session Handling

• HTTPS and SSL

• Path traversal vulnerability


Module 5: Input Validation

• SQLite in Depth

• SQL injection: Attacks & Defences

• Cross Site Scripting

• Other Untrusted Inputs


Module 6: Cross-Application Scripting and server side

• Weak Server Side Controls

• WebView vulnerability

• Using WebView in the application

• Infecting legitimate APKs

• Vulnerabilities in AD libraries


Module 7: Social Engineering

• Social Engineering Toolkit (SET)

• Remote Connection

• Key Logger

• Data Stealth


Module 8: Vulnerability Assessment & Penetration Testing

• Vulnerability Assessment and Penetration Testing the Android phones and Apps Tools

• Drozer

• Penetration Testing with Android Phones

• zANTI Enterprise Mobile Risk Assessment

• Kali

• Vulnerability Assessment & Penetration Testing Report


Clement Arul


A professional who believes that the adaptability of security is directly equal to the affordability of security products, services and trainings. He started creating security products, services, trainings and certifications that are affordable, and has been part of the team creating National Cyber Security Frameworks. Clement is also a two-time recipient of the National Award from the Govt of Malaysia, Cyber Security Professional of the Year, in 2017 and 2014, as well as a three-time Regional Award winner of Cyber Security Professional of the Year Asia and APAC in 2020, 2019 and 2017. He was also awarded APAC Cyber Security Educator of the Year in 2020 and 2019.
