Mobile Application Hacking Training
Hacking mobile apps is a great first step to gaining access to critical information and hacking the back-end. Learn how to identify security flaws in iOS & Android apps to reduce costs by implementing security features early on.
Why should you attend?
- Gain knowledge of the Android and iOS architecture setup
- Gain knowledge of security concepts and methods for protecting mobile applications
- Create a basic toolbox to perform actual security testing of dummy mobile applications
- Be able to perform basic mobile application security testing after the course
- Learn to perform several mobile application attacks like MitM and modifying application data
- Learn to identify security weaknesses in cryptography
- Learn to perform filesystem analysis
- Get access to multiple sources to develop your skills further
This is a very interactive training course with lots of exercises and demonstrations to support effective learning.
Intended Audience
This training is suitable for:
- Mobile application developers
- Pentesters
- Mobile application testers
- Software engineers
- Technical staff involved in security management
Required Skills & Expertise
A technical background and expertise are required for this course, as the training describes technical concepts in depth and requires running various scripts. Programming experience is not required, though useful. Experience with the Linux command line is a plus.
Program
The Mobile Security training course consists of two days. The first day is focused on Android and the second day on iOS. We start from a theoretical perspective, with practical exercises each afternoon, so you go home with a toolbox and practical experience.
Day 1 - Android
General Mobile Security (MASVS Framework)
- Key Areas according to OWASP MASVS
- General information about MASVS and its levels
- Architecture and Design (V1)
- Data Storage and Privacy (V2)
- Cryptography (V3)
- Authentication and Authorization (V4)
- Network Communication (V5)
- Interaction with the mobile platform (V6)
- Code quality and exploit mitigation (V7)
- Anti-Tampering and anti-reversing (R)
- Mobile application taxonomy
Android platform internals
- General information & Platform architecture
- Java applications vs Android applications
- Dalvik / Android runtime
- Users, permissions, file structure
- Security features in Android
- What is new in the Android security features
- Application components
Methods and tooling
- Physical device vs Emulator
- Emulator configuration
- Tooling & Test setup
- Automated tools
Workshop: Secura InsecureShop
- Reconnaissance and APK analysis
- How to identify Security Vulnerabilities?
- Root detection bypass
- Analyzing network traffic and crypto implementation
- Reverse Engineering to circumvent Certificate Pinning
- Testing application components (Content Providers, Activities, etc.)
How to perform a mobile Android application assessment?
- Guidelines and best practices to perform a security assessment.
Day 2 - iOS
iOS platform internals
- Platform architecture
- Application runtime
- Users, permissions, file structure
- Application folder structure
- Application fundamentals
- Inter-app communication (IPC)
- New security features in iOS
Security features and flaws
- Apple iOS security features
- Secure Boot
- Secure enclave
- Touch ID
- Face ID
- File data protection
- Apple iOS security flaws
- Jailbreaking
Application Fundamentals
- App development & languages
- IPA format
- iOS privilege model
- Security considerations
Methods and tooling
- Simulator
- Tooling
- Test setup
Demo: iOS file system analysis
- Demonstration of how to analyse the file system with concrete examples
Demo: iOS application testing
- Cover the security testing of a vulnerable iOS application
Interested in the Mobile Application Hacking Training?
If you are interested in hosting this interactive and tailored workshop at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00 or email info@secura.com.
Why choose Secura | Bureau Veritas
At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.
Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.