Android Pentesting

Course No: IS0042
This course walks through the process of identifying and exploiting security issues in Android applications, using a wide variety of the tools and techniques required for pen-testing Android applications.

During the training program, participants will be taken through topics such as the Android Security Model, Setting up the lab, Rooting, Assembling / Disassembling, Rapid static/dynamic analysis, Intercepting traffic, Network analysis, Memory dump analysis, Inter-Process Communication, etc. At the end, we will also cover countermeasures for most of the commonly found vulnerabilities in Android apps.

By attending this course, students will be able to perform a hands-on penetration test and identify potential security vulnerabilities in an application. Participants will also understand how to mitigate these vulnerabilities.

This course will be useful for almost all young computer engineers, as Android is an emerging platform and knowledge of penetration testing will keep them aware of secure strategy whether they work in testing or in development. Specifically, this program will be helpful to the following groups of people:

  • Penetration Testers
  • Android Application Developers
  • Security Architect and Engineers
  • Aspiring Computer Science Bachelors

This course has some prerequisites. They are not mandatory, but having them will certainly be a benefit for you.

  • Common Security Concepts
  • Basic knowledge of Linux
  • Basic knowledge of Android Device

Getting Familiar with Android

  • Introduction to Android
  • Android Security Model
  • Shared preferences in Android
  • System API permissions

Setting up the Lab

  • Emulator: Which one to choose, and why?
  • Android SDK
  • Setting up the Emulator (Virtual Device)
  • Network Traffic Interception
  • IDE (e.g. Eclipse)
  • Tools of the trade
    • ADB, Smali and Baksmali, Sqlite3, m0bliz3r, File explorer, Wireshark, Intercepting proxy (Charles/Burp/ZAP), Android emulator, SSH, Drozer, Metasploit, ProGuard, Eclipse.

OWASP: Mobile Top 10 Overview

  • M1: Insecure Data Storage
  • M2: Weak Server Side Controls
  • M3: Insufficient Transport Layer Protection
  • M4: Client Side Injections
  • M5: Poor Authentication and Authorization
  • M6: Improper Session Handling
  • M7: Security Decisions via Untrusted Input
  • M8: Side Channel Data Leakage
  • M9: Broken Cryptography
  • M10: Sensitive Information Leakage

Static Analysis

  • APK File package
  • Decompiling the APK
  • Rooting the Device
  • Investigating layout, manifest, permissions and binaries.
  • Investigating Local Storage
  • Re-compiling the APK
  • Application Signing, Attribution and Attestation
  • Getting more control with Metasploit.

Dynamic Analysis

  • Debugging
  • File Access Monitoring
  • Android Debug Bridge
  • Memory Dump Analysis
  • Network Monitoring
  • Investigating Inter-Process Communication
  • Investigating local storage at runtime.
  • Investigating local storage after uninstalling the App.

Server Side Testing

  • Traffic Interception
    • Setting up the proxy
    • Working with SSL certificates
    • Chained traffic interception
  • Insecure Communication
  • Testing for Authentication
  • Injection Attacks (SQL injection, XSS, etc.)
  • Authorization testing
  • Session Management testing
  • Investigating for Client Side Injections

Case Studies Countermeasures

  • Compiling Applications with ProGuard
  • Secure Coding Guidelines
  • Mitigations for OWASP Mobile Top 10

DLP

$175

₹ 9,500
  • Slides Booklet
  • Tools/SW
  • Lab Booklet with Code Scripts
  • Class Room Demo
  • Hands On Training
  • Training Videos
  • Cloud Lab Access
  • Lifetime Support
  • Deliverable Via Post
  • 3 Months Access

Online

$125

₹ 6,700
  • Slides Booklet
  • Tools/SW
  • Lab Booklet with Code Scripts
  • Class Room Demo
  • Hands On Training
  • Training Videos
  • Cloud Lab Access
  • Lifetime Support
  • Deliverable Via Downloads
  • 3 Months Access

Virtual Class

$200

₹ 10,800
  • Slides Booklet
  • Tools/SW
  • Lab Booklet with Code Scripts
  • Class Room Demo
  • Hands On Training
  • Training Videos
  • Cloud Lab Access
  • Lifetime Support
  • Deliverable Via Downloads
  • 30 Hours Virtual Class

Jay Kumar