Course Overview:

With the smartphone explosion, most web applications are expanding into mobile apps. As more services become available through mobile apps, those apps become an easy attack surface for attackers. Not only can they be used to access customer data, they can also lead to major data breaches from the servers. This course covers all common attacks, such as insecure data storage, insecure communication and authentication bypass. It begins by introducing the basics of penetration testing, mobile application security, Android architecture, Android Debug Bridge (ADB), and decompiling and reversing APKs.

Intended Audience:

This course is aimed at security enthusiasts, IT professionals, and mobile application developers seeking to understand typical mobile application security issues in detail.

Duration: 2 Days

Course Content

Session 1

  • Introduction to Android
  • Android Security Architecture
  • What is ADB?
  • Setting up Android Pentesting Environment (Genymotion)
  • Android Application Components
  • Setting up a Burp proxy

Session 2

  • APK files in a nutshell
  • Reversing Android applications
  • Logging-based Vulnerabilities
  • Bypassing SSL pinning

Session 3

  • Leaking Content Providers
  • Client-Side Injections
  • Read-Based Content Provider Vulnerabilities
  • Insecure Data Storage
  • Broken Cryptography
  • Android application interaction and Intent manipulation with Drozer
  • Exploiting Android devices with Metasploit
  • Testing for the OWASP Top 10 of Mobile Applications:
    • Improper Platform Usage
    • Insecure Data Storage
    • Insecure Communication
    • Insecure Authentication
    • Insufficient Cryptography
    • Insecure Authorization
    • Client Code Quality
    • Code Tampering
    • Reverse Engineering
    • Extraneous Functionality

Session 4: iOS Application Security

  • MVC And Event Driven Architecture
  • ARM Processor
  • iOS Security Mechanisms:
    • Security Architecture
    • Secure Boot Chain
    • Loading Trusted Applications
    • Application Isolation
    • Data Encryption
    • Network Security
  • Jailbreaking

Session 5: Creating a Pentest Platform

  • Cydia
  • Logging into your Jailbroken Device
  • Tools to install
  • SQLite Databases
  • Plist Files
  • Class-Dump-Z

Session 6: Runtime Analysis

  • Runtime Analysis with Cycript
  • Lifecycle of an Application
  • Cycript + Class-dump-Z
  • Decrypting Applications:
    • GDB
    • Clutch
  • Runtime Analysis with GDB

Session 7: Exploiting iOS Apps

  • Module 9: Porting Exploits to Metasploit

Q: When are the courses held?
A: The courses are scheduled monthly throughout the year.

Q: What do I take away from the course?
A: As well as the skills to use the product, you also receive a comprehensive workbook and a certificate of attendance.

Q: Do I get a course manual to keep?
A: Yes, you receive a comprehensive workbook.

Q: Where are the classroom training courses held?
A: The courses are all held in Parramatta, Sydney.

Q: Is the training practical or theory based?
A: Both. All of our courses combine practical demonstrations and theory. You will have sole use of a laptop throughout the course and can practice what you have learnt at the end of each chapter.

Q: Do I need to bring a laptop?
A: Yes, it is required to help you start from scratch on your own machine.

Q: Is there an exam?
A: You do not sit an exam at the end of the course.

Q: What qualification will I get?
A: You will receive a certificate of attendance.

Q: Do I need any previous practical experience?
A: This depends on the course you choose to take. All of our Introductory and Complete courses require no prior knowledge. If you are considering attending an Advanced course, but have not sat the basic course, then you will be expected to have relevant practical experience in the tool.

Q: Do you offer on-site training?
A: Yes, all of our courses can be delivered as on-site courses. We provide all laptops, projector, workbooks and certificates. We can also deliver on-line training just for your company with a schedule to suit you.

Q: Do you offer post course support?
A: Yes, in two ways. First, all our trainers can help by email with initial queries you may have when using the tools after the course. Second, we also provide a short-term on-site internship.