Android Security (32 hours)
Android is the most popular device operating system in the world. These devices contain every aspect of our lives. When a device is compromised, your identity and occasionally a business can be at risk. Android penetration testing is the method of checking an Android application for security flaws. Decompiling, real-time analysis, and security testing of Android applications are all included. This course will teach you how to do professional penetration testing operations on Android mobile applications using reverse engineering, static analysis, and dynamic analysis. You will first learn everything there is to know about the attack surface of Android applications and how to use reverse engineering and other tactics to take advantage of each vulnerability. The principles of Android OS (Android VM, Android security model, etc.), the build process (APK structure, compiling/signing applications, etc.), and how to set up your own testing environment are all addressed first. Upon completion of this course, you should be able to test any Android application.
WHY IS IT NEEDED?
- Enhance the quality, speed, and delivery of secure code by developers.
- Simplify patch management and vulnerability management.
- Prevent the leakage of sensitive customer data using secure apps.
- Reduce the time it takes to discover and correct security problems.
- Reduce the cost of compliance and continuous security monitoring.
Module 1: Overview of Android Pentesting
- Introduction to Android Architecture and Security Models
- Learn about Mobile OWASP Top 10 sites
- Understanding the mobile application penetration testing methodology
1hr. 10min.
Module 2: Preparing for the Battlefield
- Use of Emulators
- How to create a Virtual Device?
- Understand all about AVD manager
- Testing – Emulator and Mobile Devices
2hrs. 27min.
Module 3: Role of Reverse Engineering and Static Analysis in Android Pentesting
- Obtaining an APK from device
- Learn to Reverse APK
- How to analyze permissions?
- Generating Static code review
- Hardcoded information
- Reviewing Log
- What is Race Condition?
- Analyze Insecure coding practices
- Investigate Improper coding practice
- Understand the roots of Weak encryption / encoding
2hrs. 1min.
Module 4: Role of Dynamic Analysis in Android Pentesting
- Learn to Install SSL certificate
- Understand the cause of session related vulnerabilities
- Analyze business logic vulnerabilities
- Implementing Transport layer security
- Use of Privilege escalations
- Use of Injection attacks
- Causes of Weak Encryption / Encoding
- Role of Authorization / Authentication checks
- Learn about weak server-side controls
- Use of Binary protection
- Overview of SQLite analysis
- Understanding Network traffic
1hr. 35min.
Module 5: Writing Pentest Report
- Learn the Different types of Reporting Techniques.
- Considering steps for remediation.
Pre-Requisite
- Linux Basics
- Programming Basics (Java recommended)
- Familiarity with Mobile Application platforms such as Android
Target Audience
- Android App Developers
- Android Administrators
- IT professionals
- Research Analysts
- Students
Duration
- 32 Hours