Android Penetration Testing 101
The foundation course for Android security and penetration testing candidates.
Rating: 4.4/5 (42 ratings), 10,097 students
Instructor(s): Byte Theories
Last update: 2022-03-01
What you’ll learn
- Learners are guided from a basic understanding of Android architecture to performing vulnerability assessments on Android applications.
- After completion of the course, you’ll be ready to perform vulnerability assessments on any Android application.
- Basic Android knowledge is an advantage. However, the course shares the required knowledge for the benefit of beginners.
- Android penetration testers are few in number; you will be one of them by the end of the course.
Requirements
- Mainly, an urge to learn something new.
- A computer with 8 GB of RAM and 100 GB of space is sufficient.
- Basic Android development knowledge is beneficial.
Description
The Android Penetration Testing 101 course is designed mainly for beginners who want to start their journey in Android security but have no idea how or where to start.
This course gives you complete knowledge, from Android architecture to the analysis of an Android application using all the attack vectors you have learned.
In this course, we demonstrate static analysis of Android applications across all the frameworks (React Native, Java, Flutter, Cordova) with the help of tools such as Jadx, the JEB decompiler, and the GDA decompiler. We also demonstrate automated scanners like MobSF, from installation to dynamic analysis of the app, and discuss the common vulnerabilities that can be identified during static analysis and the endpoints to look for.
The most exciting part of any penetration test is dynamic analysis. In this course, we discuss why mobile applications need dynamic analysis and its role in hunting vulnerabilities. We demonstrate setting up the lab for dynamic analysis (we preferred Burp Suite with Genymotion).
The primary concept in dynamic analysis is SSL pinning; we discuss all the ideas regarding SSL pinning and demonstrate methods of bypassing it on Android.
We discuss excellent dynamic instrumentation tools like Frida and objection and demonstrate their setup.
At the end, we perform live dynamic analysis on an Android application and discuss the common vulnerabilities that can be identified during dynamic analysis, the endpoints to look for, and how to find sensitive information in the app’s database.
To make your pentesting smoother, we provide an Android pentesting checklist, which may come in handy during your real-time analysis.
Who this course is for
- Android developers who want to develop secure applications and perform security analysis on their applications.
Course content
- Introduction to the course
  - Introduction to the structure of the course
- Penetration testing
  - What is penetration testing?
  - What is Android penetration testing?
- Basic Android concepts
  - Android and its architecture
  - What is an APK and what is its structure?
  - Android components and lifecycle
  - What are decompilation and decompilers?
- Static analysis
  - What is static analysis? Why is it important?
  - Introduction to static analysis tools and their installation
  - MobSF: installation and introduction to MobSF
  - Common vulnerabilities that can be found using static analysis
  - Static analysis with APKLeaks
  - Bonus: Automate the analysis of Android components
- Dynamic analysis
  - What is dynamic analysis and why is it important?
  - Dynamic analysis lab setup
  - What is SSL pinning, and why is it important to integrate it into the application?
  - Installation and introduction to Frida and Frida-tools
  - Bypassing SSL pinning in 3 different ways
  - Demonstration of dynamic analysis
  - Bonus: Setting up the Xposed framework
- Summary and checklist
  - Android penetration testing checklist
  - Highlights of Android Penetration Testing 201
  - Summary and thank you