- Duration: 3 Months
Course details
Certified Android Penetration Testing Training helps students and application developers discover new techniques for hacking Android-based applications. Android is a mobile platform built on the Linux kernel that has gained popularity on smartphones. As competition has risen, organizations have adopted Android applications to stay in touch with their customers at all times. From the banking industry to the hospital industry, organizations have shifted their focus to developing Android applications to stay in touch with their clients.
Just as web-based applications require periodic penetration testing, Android applications require the same, as they are exposed to the same risks. Android penetration testing is an integral part of the SDLC. Our Certified Android Penetration Testing Training focuses on how students and Android developers can test their applications before launching them into the market. The Android platform needs to be secured at two levels, i.e. the application level and the device level. We will use a virtual machine for testing Android applications with tools such as Burp Suite, Mallory, Apktool, Manifest Explorer, Android SDK, etc.
Course Content:
Lesson 1: Introduction To Android Security
Android is a mobile platform built on the Linux kernel. Android runs on a wide range of devices, from smartphones and tablets to set-top boxes. The performance of the Android mobile operating system depends on the capabilities of the mobile device's processor.
Lesson 2: Creating a Suitable Penetration Testing Environment
- Introduction To Custom ROMs And Kernels
- Introduction to Bootloaders and Recoveries
- CWM and TWRP
- Flashing custom Recoveries
- Flashing custom ROMs and Kernels
- Introduction to CyanogenMod, AOSP, AOKP and other Android projects
Lesson 3: Application dynamic run-time analysis
- Monitoring process activity
- Observing file access
- Monitoring network connectivity
- Analyzing logs
- Run time instrumentation and manipulation
- Memory modification for running applications
Lesson 4: Traffic analysis and manipulation
- Common Vulnerabilities Related to Traffic
- Proxies and sniffers
- Sensitive information transmission
- Importing SSL certificates & trusted CAs
- Bypassing server certificate validations
- Exposing insecure traffic
- Validating server certificates and avoiding man-in-the-middle
- Client side certificate authentication
Lesson 5: Pentesting Server-side Communication
- Common app-to-server vulnerabilities
- Proxies vs Transparent Proxies
- Installing Trusted CA on an Android device
- Performing fuzzing on the Application Server
- Testing for conventional server-side vulnerabilities (e.g. SQLi, XSS, CSRF, cookie hijacking, etc.)
Lesson 6: Android Malware
- Students will be provided with an Android malware sample to test, decompile and analyze
- Android malware APK testing to decrypt communication
- Providing source code of a second Android malware sample for manual modification and compiling
- Identifying connection strings and API calls
Lesson 7: Penetration Testing with Android
- Setting up various tools and security suites to facilitate penetration testing with an Android device
- Packet sniffing and DoS attacks on Android
- ARP Spoofing on Android devices
Lesson 8: Vulnerability scanners
Lesson 9: Maintaining anonymity on an Android device
Lesson 10: Network Pentesting using Android devices
Lesson 11: Web Application attack techniques on Android
Lesson 12: Running Kali tools within Android devices
Updated on 30 October, 2018
Eligibility / Requirements
Students and working professionals who have a strong command of the Java programming language and Android development can take this course. It is highly recommended for Android developers, so that they can develop bug-free applications for their organization.
Job roles this course is suitable for:
Application Penetration Tester, Cyber Security, Information Security Consultant
About Indian Cyber Security Solutions - ICSS