Introduction to Android and its security measures, penetration testing of Android applications and penetration testing using Android devices.

Duration

40 hours

Eligibility

Knowledge of one server-side programming language (PHP, ASP.NET or JSP) and of Web Application Penetration Testing (WAPT), and an Android device.
Details of WAPT can be obtained here: Web Application Penetration Testing

Course Fees

Rs.22,000/-

Course Details

Introduction to Android security
  • Mobile application threat model - What makes mobile application security so different?
  • The Android Linux OS security
  • The Dalvik VM
  • The Android security mechanisms
  • Application file system isolation & insecure file access
  • The permission model
  • Database isolation
  • The debug bridge
  • Rooting
Creating a suitable Penetration Testing environment
  • Introduction to custom ROMs and Kernels
  • Introduction to Bootloaders and Recoveries
  • CWM and TWRP
  • Flashing custom Recoveries
  • Flashing custom ROMs and Kernels
  • Introduction to CyanogenMod, AOSP, AOKP and other Android projects
  • CPU and I/O schedulers
  • Flashing custom scripts to modify device functionality
  • Bonus: Installing Kali Linux on Android (only on specific models, please enquire)
Application dynamic run-time analysis
  • Monitoring process activity
  • Observing file access
  • Monitoring network connectivity
  • Analyzing logs
  • Run time instrumentation and manipulation
  • Memory modification for running applications
Traffic analysis and manipulation
  • Common vulnerabilities related to traffic
  • Proxies and sniffers
  • Sensitive information transmission
  • Importing SSL certificates & trusted CAs
  • Bypassing server certificate validations
  • Exposing insecure traffic
  • Validating server certificates and avoiding man-in-the-middle
  • Client side certificate authentication
Pentesting Server-side communication
  • Common app-to-server vulnerabilities
  • Proxies vs Transparent Proxies
  • Installing Trusted CA on an Android device
  • Performing fuzzing on the Application Server
  • Testing for conventional server-side vulnerabilities (e.g. SQLi, XSS, CSRF, cookie hijacking, etc.)
  • Testing for application-logic flaws
Android Malware
  • Students will be provided with an Android malware sample to test, decompile and analyze
  • Android malware APK testing to decrypt communication
  • Source code of a second Android malware sample provided for manual modification and compiling
  • Identifying connection strings and API calls
Penetration Testing with Android
  • Setting up various tools and security suites to facilitate penetration testing with an Android device
  • Packet sniffing and DoS attacks on Android
  • Vulnerability scanners
  • Network Pentesting using Android devices
  • ARP Spoofing on Android devices
  • Network discovery
  • Web Application attack techniques on Android
  • Running Kali tools within Android devices
  • Installing and using Penetration Testing suites (e.g. Revenssis)
  • Maintaining anonymity on an Android device

 
