Build defensive skills as an Android developer and offensive skills as a tester. Get proactive and protect your software by learning how to probe for risks that exploit discrete vulnerabilities.
Is the Pentesting Android Apps Foundation training right for me?
- Yes - if you are an Android developer or software tester
- Yes - if you want to know how your systems behave when under attack externally
- Yes - if you are proactive about security
- Yes - if you want to improve your software
What will I achieve by completing this training?
You will learn:
- The basics of the Android security model
- How to analyze the security posture of an application
- How to prioritize security issues you identify
- How to mitigate storage and traffic related issues
- How to verify your implementation of security controls (e.g. biometric authentication, cryptographic controls, URL scheme validation)
- The contents of the OWASP Mobile Top 10 and the Mobile Application Security Verification Standard
- Be a more secure app developer
- Defeat script kiddies who want to hack your app, cheat in your game or capture your users’ data
- Execute basic penetration tests on Android applications
- Embed security into your Android application and verify the effectiveness of your security controls
You will gain experience in:
- Running Android applications with Xposed on a rooted device or running Android apps patched with Frida
- Storage analysis of an application
- Traffic analysis between the application and the backend
- Creating secure storage using Realm
- Using storage mechanisms like SharedPreferences, SD-card, AndroidKeyStore and KeyChain securely
What else should I know?
You will need your own laptop for this training with the following requirements:
- At least 8GB RAM
- Administration/installation rights
Some of the exercises work best on a test device running Android 6 with a fingerprint scanner. This is optional.
Note: for in-house trainings, we can further tailor the training to your needs.
The training is in line with the OWASP Mobile Security Testing Guide with several extensions.