Call 1-800-305-3855 for more information on available plans and pricing

Study at your own pace

MASPT comes with lifetime access to course material and exercises on mobile application security.

Extremely Hands-on

Practice Mobile Application Security and Penetration Testing against a number of real-world mobile applications that you can download and play with at any time.

Become Certified

Obtain the eMAPT certification and prove your practical skills with the only 100% practical certification on Mobile Application Security and Penetration Testing.

Course at a glance
  • Starts from iOS and Android architecture basics
  • Exposes Android and iOS vulnerabilities in depth
  • Covers mobile OS security mechanisms and implementations
  • Covers mobile application reverse engineering
  • In-depth static and dynamic analysis of mobile applications
  • Practice on real-world mobile applications
  • Build your own home lab on mobile application security
  • Provides you with the skills necessary to perform penetration tests of mobile applications
  • Covers: APKTool, Dex2Jar, GDB Debugger, Cycript and many others
  • Obtaining the eMAPT certification qualifies you for 40 CPE
Course Material
  • 4 hours of HQ video training material
  • 21 highly technical modules
  • 26 apps to practice with
Course Delivery
  • Self-paced / HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone
Syllabus
Section: Android
  • Module 1 : Android: Android Architectures

    Before we dive into Security and Penetration Testing, we will introduce you to the Android environment. There are a few key concepts you should be familiar with before we get started.

  • Module 2 : Android: Setting up a Testing Environment

    Prior to diving into Android Application Security, we need to have a means to examine, build, debug and run applications. For these purposes, we’ll need to install the Android Studio IDE (Integrated Development Environment).

  • Module 3 : Android: Android Build Process

    Understanding how Android Studio compiles the code and resources into a working Android application will help you better understand how all the pieces fit together. This will also provide insight into the protection employed to guarantee the authenticity of applications and circumstances by which they can be rendered meaningless.

  • Module 4 : Android: Reversing APKs

    In this section, we’ll discuss the process of reversing Android applications. This is an important skill for anyone who wants to audit the security of third-party applications where the source code is unavailable.

  • Module 5 : Android: Device Rooting

    Rooting is a process by which one obtains “root” or system-level access to an Android device. In this module you will learn why it can be important for our security tests, and also what the implications of rooting a device are.

  • Module 6 : Android: Android Application Fundamentals

    In order to perform a thorough pentest on an Android application, you must know and master all its components. In this module you will study all the fundamental concepts and topics that you may encounter during your security test tasks.

  • Module 7 : Android: Network Traffic

    Mobile devices are unique in how they use networks, being almost exclusively wireless and often bouncing between cellular and Wi-Fi networks. To lower cellular data traffic, some cellular carriers provide Wi-Fi hotspots for their customers. Bad guys know this and will often set up fake Wi-Fi networks, tricking the devices into connecting. In this module you will learn how to configure your environment in order to inspect and analyze network traffic.

  • Module 8 : Android: Device and Data Security

    How securely data is stored on mobile devices has become a hot topic lately. In fact, Insecure Data Storage is the second most common vulnerability, according to the OWASP Mobile Top Ten.

  • Module 9 : Android: Tapjacking

    If you are familiar with Clickjacking in web applications, you’re already familiar with the basic concepts of Tapjacking. In a Tapjacking attack, a malicious application is launched and positions itself atop a victim application. In this module you will see some examples of Tapjacking, and also how to properly develop an application to solve this issue.

  • Module 10 : Android: Static Code Analysis

    Static Code Analysis is a process for programmatically examining application code on disk, rather than while it is running. There are numerous scientifically rigorous approaches to the problem of validating that code is free of errors. In this module you will learn how to perform security tests on Android applications by using different static code analysis techniques.

  • Module 11 : Android: Dynamic Code Analysis

    Dynamic Code Analysis is the process by which code is reviewed for vulnerabilities by actually executing some or all of the code. This execution could occur in a normal environment, virtualized environment or a debugger. This type of inspection also allows you to directly observe network requests, interactions with other applications and the results of any error conditions encountered.

Section: iOS
  • Module 1 : iOS: iOS Architecture

    To understand the iOS ecosystem, we need to realize that the iOS operating system is based on Darwin OS, which was originally written by Apple in C, C++ and Objective-C. Darwin is also at the heart of OS X, and thus OS X and iOS share some common foundation.

  • Module 2 : iOS: Device Jailbreaking

    Jailbreaking is the process of actively circumventing/removing such restrictions and other security controls put in place by the operating system. This allows users to install unapproved apps (apps not signed by a certificate issued by Apple) and leverage more APIs, which are otherwise not accessible in normal scenarios.

  • Module 3 : iOS: Setting up a Testing Environment

    Before we proceed, it is important to understand a few fundamental concepts unique to the Apple ecosystem, and more precisely related to the iOS app development process. Apple provides simulators for different hardware and iOS versions.

  • Module 4 : iOS: iOS Build Process

    In this module you will learn how the iOS build process works and what the differences are between running an application on a device or the emulator.

  • Module 5 : iOS: Reversing iOS Apps

    There is an incentive for an attacker to examine and understand how the software works, so that they can then look for further weak spots or patch/manipulate those binaries to their advantage. In this module you will see the most used techniques and tools to successfully reverse iOS applications.

  • Module 6 : iOS: iOS Application Fundamentals

    In order to perform a thorough pentest on iOS applications you must know and master all its components. In this module you will study how applications are composed and what each component is useful for.

  • Module 7 : iOS: iOS Testing Fundamentals

    In this module you will start running your security tests against iOS Applications. Depending on the target of your tests, you will learn different techniques and use multiple tools to reach your goal.

  • Module 8 : iOS: Network Traffic

    In this module you will learn how to configure your environment in order to inspect and analyze network traffic.

  • Module 9 : iOS: Device Administration

    iOS 6 and later versions have built-in support for powerful device management capabilities with fine-grained controls that allow an organization to control corporate Apple devices and the data stored on them. In this module you will see which options organizations have to get clear visibility into all the active devices, ensure that the devices are in compliance, that the software running on these devices is up to date and much more.

  • Module 10 : iOS: Dynamic Analysis

    There is a certain class of applications that has a significant amount of client-side logic built into it. Typical examples include word-processing software, image editors, games, utilities etc. In such cases, there is an incentive for attackers to be able to examine and understand how the software works, so that they can then look for further weak spots in the application or bypass restrictions that are applied locally.

Pre-requisites
  • Basic knowledge of programming fundamentals.
  • Basic knowledge of programming languages such as Java and Objective-C/Swift.
  • OS X El Capitan and an iOS (version 8.3) device such as iPod, iPhone, iPad required for some of the iOS topics.
  • Basic security concepts such as cryptography, reverse engineering and SQL injections, and web tools such as Wireshark and OWASP ZAP (or Burp).
This training course is for…
  • Penetration testers
  • Forensers
  • Mobile App Developers
  • IT personnel
Labs

During the Mobile Application Security and Penetration Testing course you will have to deal with several guided labs and exercises that will help you to improve your mobile pentesting skills.

These labs are Android and iOS applications that you have to test in order to apply the techniques explained and reach the final goal. Depending on the lab you will be provided with the application installer or the source code of the application.

During your tests you will have to:
  • Install, run and test each application
  • Find security issues
  • Develop a Proof-of-Concept (PoC) exploit for each issue found

Lab ID | Description | Category
Lab 1 | StartingLab | Android
Lab 2 | Locating Secrets | Android
Lab 3 | Bypass Security Controls | Android
Lab 4 | Obfuscation | Android
Lab 5 | Outlook | Android
Lab 6 | UberCab | Android
Lab 7 | PinTester | Android
Lab 8 | PatchMe | Android
Lab 9 | Insecure External Storage | Android
Lab 10 | ReadExternalStorage (InsecureExternalStorage Exploit POC) | Android
Lab 11 | Tapjacking | Android
Lab 12 | GoatDroid | Android
Lab 13 | InjectMe | Android
Lab 14 | FileBrowser | Android
Lab 15 | FileBrowserExploit (FileBrowser Exploit POC) | Android
Lab 16 | NoteList | Android
Lab 17 | Leack Result | Android
Lab 18 | Vulnerable Receiver | Android
Lab 19 | Silly Service | Android
Lab 20 | WeakWallet | Android
Lab 21 | Starting Lab | iOS
Lab 22 | eLS_LogIn (Reverse Engineering Lab) | iOS
Lab 23 | eLS_LogIn (Dynamic Analysis Lab) | iOS
Lab 24 | eLS_LogIn2 | iOS
Lab 25 | Secure OTP generator | iOS
Lab 26 | SSL pinning iOS | iOS
