Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Mobile Penetration Testing

( Duration: 5 Days )

This Mobile Penetration Testing training course covers all aspects of Mobile App Penetration Testing and Mobile App Ethical Hacking. You will learn the art of exploiting and penetrating Mobile applications so security and performance flaws can be found in your mobile apps before the real hackers do. You will be taught the six-step process for Mobile application penetration testing and explore various other Mobile app vulnerabilities in depth. Also learn the hacking and mitigation tools and methods for the mobile apps used by the attacker, so that you can be a powerful defender yourself.

By attending Mobile Penetration Testing workshop, delegates will learn to:

  • Secure mobile applications from technical and business logic perspectives
  • Identify business logic and technical vulnerabilities in your mobile applications
  • Understand real-world attack techniques
  • Capture the business logic flow of the mobile application
  • Identify the application’s vulnerabilities that can be exploited using installed applications on mobile devices
  • Assess mobile device security issues
  • Test and discover vulnerabilities present in mobile devices, applications, server and the network
  • Learn about assessments attempt to detect vulnerabilities
  • Ensure trusted interactions at the application, device and network levels
  • Impersonate valid wireless access points in an attempt
  • Learn about Wireless man-in-the-middle (MITM) attacks
  • Identify and monitor wireless networks that have either no encryption
  • Learn about user authentication, data security
  • Identify and prove critical data breach exposures created by mobile devices in your environment
  • Evaluate the security of new mobile technologies prior to deployment
  • Mitigate operational & reputational risks Assess end-user security awareness of social engineering techniques
  • Assess data leakage threats by conducting phishing tests seeded

COURSE AGENDA

1

Introduction and Executive Summary

  • Mobile App Ethical Hacking and Penetration Testing Principles
  • Mobile Application Security Assessments for applications
  • Pentesting Mobile Applications
  • Mobile Device Threats, Policies, and Security Models
  • Mobile Device Architecture Security and Management
  • Mobile Code and Application Analysis
  • Ethical Hacking Mobile Networks
  • Ethical Hacking Mobile Phones, Tablets, and Applications
  • Secure Mobile Phone Capture the Flag
  • Exploiting and penetrating mobile applications
  • Overview of vulnerabilities
  • Security and performance flaw
  • Mobile Ethical Hacking
2

Overview of Mobile platforms

  • Control functions
  • Networks: GSM, CDMA, UMTS, LTE, WiFi, Bluetooth, NFC
  • Hardware: Baseband layer attacks
  • Memory corruption defects in firmware
  • OS: Defects in kernel code
  • Applications
  • Codes
  • Apps with vulnerabilities and malicious
3

Mobile Application Basics

  • Browser Based Application
  • HTML5+CSS+JavaScript
  • iOS Application Basics
  • iOS System Architecture
  • Objective C & Cocoa Touch API
  • Android Application Basics
  • Android System Architecture
  • Application program
  • Application Frame
  • Program Library
  • Android Runtime Library
  • Linux Core
4

Major Mobile Threats

  • Equipment and password protection
  • Sensitive files encryption
  • Boot Rom exploits
  • Password brute force
  • Mobile App Risks
  • Mobile Device Risks at multiple layers
  • Mobile App Ecosystems
  • Mobile App Top 10 Risks
  • Veracode Top 10
  • OWASP Mobile Top 10
  • Malicious Functionality
  • Activity monitoring and data retrieval
  • Unauthorized dialing, SMS, and payments
  • Unauthorized network connectivity (exfiltration or command & control)
  • UI Impersonation
  • System modification (rootkit, APN proxy config)
  • Logic or Time bomb
  • Vulnerabilities
  • Sensitive data leakage (inadvertent or side channel)
  • Unsafe sensitive data storage
  • Unsafe sensitive data transmission
  • Hardcoded password/keys
5

Application Penetration Testing

  • Reconnaissance
  • Mapping
  • Discovery
  • Exploitation
  • Reporting
  • Ethical attack
  • Application’s security controls
  • Risks posed by actual exploitable vulnerabilities.
  • Application mapping
  • Reverse engineering
  • Proprietary tools
  • Input Validation
  • Buffer Overflow
  • Cross Site Scripting
  • URL Manipulation
  • SQL Injection
  • Hidden Variable Manipulation
  • Cookie Modification
  • Authentication Bypass
  • Code Execution
  • Injections
  • Broken authentication and session management
  • Cross-site scripting
  • Insecure direct object references
  • Security misconfiguration
  • Sensitive data exposure
  • Missing function level access control
  • Cross-site request forgery
  • Using components with known vulnerabilities
  • Unvalidated redirects and forwards
6

Mobile Application Security Assessment and Penetration Testing

  • Mobile Application Penetration Assessments
  • Identify weaknesses in the default installation
  • Bypass authentication and authorization mechanisms
  • Escalate privileges
  • Access and modify data or data presentation
  • Attack vectors
  • Data validation (SQL injection, Cross-Site Scripting, buffer overflows, etc.)
  • Session management
  • Access controls (authentication and authorization controls)
  • Cryptography
  • Third-party components (patching, configuration errors, etc.)
  • Mobile Device Security Models
  • Privilege and access models on multiple platforms
  • Device encryption support and threats
  • Emerging changes in platform security from Android and Apple
  • Policy Considerations and Development
7

Attacks and Pentesting Mobile Applications

  • Attacking test based systems
  • Attacking test based application
  • Attacking test based transmission link
  • Application attack testing
  • Bypassing passcode locks
  • Decrypting credentials
  • Accessing mobile device backup data
  • Unlocking, Rooting, Jailbreaking Mobile Devices
  • Mobile Phone Data Storage and Filesystem Architecture
  • Filesystem Application Modeling
  • Mobile application network capture
  • Mobile app data extraction
  • Reverse engineering iOS binaries in Objective-C
  • Reverse engineering Android binaries in Java
  • Data access policies
  • Fingerprinting mobile devices
  • Monitoring network probing activity
  • Network scanning and assessment
  • Exploiting weak wireless infrastructure
  • Monitoring mobile device network scanning
  • Certificate impersonation and mobile devices
  • Network Manipulation Attacks
  • Exploiting mobile application authentication vulnerabilities
  • Site impersonation attacks
  • Exploiting SQL injection in mobile application frameworks
8

Pentesting iOS, Android and Windows Applications

  • Areas of focus
  • Network Communication -Privacy
  • Application Data Storage
  • Reverse Engineering -URL Schemes -Push Notification
  • Jailbreak
  • Encrypted Transmission
  • HTTPS and SSL
  • CA certificate
  • Application data storage
  • Data storage location
  • Plist file
  • Keychain
  • Logs
  • Screenshot
  • Home catalogue
  • Reverse Engineering

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top
Notice
X