- Popular Courses
- Certification Courses
- Testing Courses
- Professional Manual Testing Program (PMTP)
- Database Essentials for Software Testers
- Test Automation Using Selenium with Java
- Test Automation Using Selenium with C#
- Test Automation Using Selenium with Cucumber
- Test Automation using Microsoft Coded UI with C#
- Web Services Testing Using SOAPUI
- Performance Testing Using JMeter
- Performance Testing Using HP Loadrunner
- Security Courses
- BA/Agile Course
- Other Training Courses
With the advent of the smartphone explosion, most web applications are diversifying to mobile apps. With the increase in services available for mobile apps, mobile apps become an easy attack front for the attackers. Not only can they be used to access customer data, they can also lead to major data breaches from the servers. In this course all common attacks like Insecure data storage, Insecure communication, authentication bypass etc. are covered. This course will begin by introducing Basics of Penetration Testing, Mobile Application Security, Android Architecture, Android Debug Bridge (ADB), Decompiling and reversing APK.
This course is focusing on Security Enthusiasts, IT professionals, and Mobile Application Developers seeking to understand typical mobile application security issues in detail.
Duration: 2 Days
- Introduction to Android
- Android Security Architecture
- What is ADB?
- Setting up Android Pentesting Environment (Genymotion)
- Android Applications Components
- Setting up a Burp proxy
- Apk files in nutshell
- Reversing android applications
- Logging based Vulnerabilities
- Bypassing SSL pinning
- Leaking Content Providers
- Client-Side Injections
- Read Based Content Providers Vulnerabilities
- Insecure Data Storage
- Broken Cryptography
- Android application interaction and Intent manipulation with Drozer
- Exploiting Android devices with Metasploit
- Testing for the OWASP Top 10 of Mobile Applications:
- Improper Platform Usage
- Insecure Data Storage
- Insecure Communication
- Insecure Authentication
- Insufficient Cryptography
- Insecure Authorization
- Client Code Quality
- Code Tampering
- Reverse Engineering
- Extraneous Functionality
Session 4: IOS Application Security
- MVC And Event Driven Architecture
- ARM Processor
- iOS Security Mechanisms:
- Security Architecture
- Secure Boot Chain
- Loading Trusted Applications
- Application Isolation
- Data Encryption
- Network Security
Session 5: Creating a Pentest Platform
- Logging into your Jailbroken Device
- Tools to install
- SQLite Databases
- Plist Files
Session 6: Runtime Analysis
- Runtime Analysis with Cycript
- Lifecycle of an Application
- Cycript + Class-dump-Z
- Decrypting Applications:
- Runtime Analysis with GDB
Session 7 – Exploiting iOS Apps
- Module 9: Porting Exploits to Metasploit
Q: When are the courses held?
A: The courses are scheduled monthly throughout the year.
Q: What do I take away from the course?
A: As well as the skills to use the product, you also receive a comprehensive workbook and a certificate of attendance.
Q: Do I get a course manual to keep?
A: Yes, you receive a comprehensive workbook.
Q: Where are the classroom training courses held?
A: The courses are all held in Parramatta, Sydney.
Q: Is the training practical or theory based?
A: Both. All of our course combine practical demonstrations and theory. You will have a sole use of a laptop throughout the course and can practice what you have learnt at the end of each chapter.
Q: Do I need to bring a laptop?
A: Yes, it is required to help you start from scratch on your own machine.
Q: Is there an exam?
A: You do not sit an exam at the end of the course.
Q: What qualification will I get?
A: You will receive a certificate of attendance.
Q: Do I need any previous practical experience?
A: This depends on the course you choose to take. All of our Introductory and Complete courses require no prior knowledge. If you are considering attending an Advanced course, but have not sat the basic course, then you will be expected to have relevant practical experience in the tool.
Q: Do you offer on-site training?
A: Yes, all of our courses can be delivered as on-site courses. We provide all laptops, projector, workbooks and certificates. We can also deliver on-line training just for your company with a schedule to suit you.
Q: Do you offer post course support?
A: Yes, in two ways; firstly, all our trainers can help with initial queries you may have when using the tools post-course via email. Secondly we also provide short-term on-site internship.