Mobile Application Penetration Testing Training

Mobile Application Penetration Testing Training aims to enable the participants to perform static and dynamic analysis of mobile applications and to identify vulnerabilities that may appear on the client side. The vulnerability types and tests related to HTTP services used by mobile applications are not covered in the Mobile Application Penetration Testing Training.

The scope of the training is focused on iOS and Android device applications.

Training Details

Penetration testing for mobile applications involves checking both the client application and the HTTP services used by the client application. However, the vulnerability types and tests related to HTTP services are not covered in the Web Application Penetration Testing Training.

To understand the risks that may occur on the client side, participants need to be aware of the HTTP services used by the client applications and the risks that may arise from them. Therefore, prior web application penetration testing experience or training is a prerequisite for this training.

  • Differences between Mobile and Web Application Architectures

Android Mobile Application Penetration Testing

  • Android OS and Features
    • Android Rooting
    • Android Security Architecture
    • Dalvik Virtual Machine
    • ARM
    • Android Application Components
  • Bypassing Rooting Controls
  • Smali Code Patching
  • Intercepting Traffic with Attack Proxy
    • Bypassing SSL Pinning
    • Analyzing Encrypted Data
  • Analysis Methods
    • Static Analysis
    • Dynamic Analysis
    • Debug Operations
    • ADB Tool
  • IPC (Inter Process Communication) Attacks
  • Sensitive Information Analysis (Forensic)
    • Sensitive Information Stored on the Device
    • Leaked Information in Device Logs
  • APK File Content
  • Obfuscation
  • Dex and Jar Files
  • Shared Preferences and SQLite Database Files
  • Android Malware Injection

iOS Mobile Application Penetration Testing

  • iOS Environment
    • iOS Development Environment
    • Device and Simulator Environment
  • What is Jailbreaking
    • Cydia Environment
  • File Exchange with Device
  • Command Line Access to Device
  • Analysis Methods
    • Static Analysis
    • Dynamic Analysis Debugging
    • Debugging iOS and Bypassing Client Side Controls with gdb
  • ARM Assembly
  • Bypassing Important Controls
    • Binary Code Patching
    • Bypassing Jailbreak Control
    • Runtime Manipulations
    • SSL Pinning
    • Analyzing Encrypted Data
  • Intercepting Traffic with Attack Proxy
  • IPA File Content
  • Analysis of Sensitive Data on the Device
    • Directory Structure
    • Keychain
    • Plist and Binary Plist Files
    • SQLite Database
    • Application Logs

Duration: 2 Days

Location: Istanbul

  • All participants are entitled to a CERTIFICATE OF PARTICIPATION
  • Participants who successfully complete the assessment exam / CTF cases are entitled to a TRAINING CERTIFICATION