Android & Mobile App Pentesting

What about this course?

<br>In this course you will be shown how to perform professional penetration testing activities against Android and iOS mobile applications, by means of reverse engineering, static analysis and dynamic analysis. First you will learn all about the attack surface of Android applications and the techniques to exploit each covered vulnerability (incl. reverse engineering). Specifically, Android OS fundamentals (Android VM, Android security model etc.), build process (APK structure, compiling/signing apps etc.) and how to setup your own testing environment are presented first. Then the part of attacking Android apps commences. Reverse engineering APKs for information gathering, device rooting and the entire attack surface of Android apps are covered in detail so that are aware of what each attack exploits. Mobile application traffic analysis is of course covered (incl. Certificate pinning bypasses). During the static analysis module, you will exploit SQL injection and path traversal vulnerabilities, as well as vulnerable activities, vulnerable receivers, vulnerable services and insecure shared preferences among others. Finally, during the dynamic analysis module you will leverage ADB in order to achieve live debugging and database interaction for exploitation purposes. Be reminded that you will have the opportunity to develop several malicious Android applications during this journey.</br> <br>This course is part of the Mobile Application Penetration Testing Professional Learning path which prepares you for the eMAPT exam and certification</br>