
Mobile Application Security

Course Overview


The Mobile Application Security Training course covers mobile application and device security and provides complete, current coverage of mobile application and mobile platform security. The course builds a solid foundation in basic mobile application security terminology and concepts, which is extended and built upon throughout the engagement. Attendees will examine various recognized attacks against mobile applications. This Mobile Application Security and Penetration Testing Boot Camp focuses on preparing participants for real mobile app penetration testing through hands-on exercises and thought-provoking lectures led by an expert instructor. Processes and best practices are discussed and illustrated through both discussions and group activities. Attendees will be led through a series of advanced topics, including performance and network optimization, along with advanced security topics delivered through integrated lectures, group discussions and comprehensive demonstrations. Mobile application security encompasses the measures taken throughout the application's life cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) caused by flaws in the design, development, deployment, upgrade, or maintenance of the mobile application.

Course Content


Mobile App Penetration Testing and Ethical Hacking

  • The Attacker's View of the Mobile
  • Overview of the Mobile Applications from a penetration tester's perspective
  • Overview of the various mobile platform architectures
  • Overview of different types of vulnerabilities
  • How to define a mobile application test scope and process
  • Types of mobile penetration testing
  • Methodology to Improve Mobile Application Security
  • Knowing your threats
  • Securing the network, host and application
  • Incorporating security into your software development process
  • Mobile Application Security Policy

Mobile Threats, Attacks, Vulnerabilities, and Countermeasures

  • Asset
  • Threat
  • Vulnerability
  • Attack (or exploit)
  • Countermeasure
  • Application Threats / Attacks

Key Security Requirements in the Mobile Environment

  • Certificate Storage/Management
  • Storage/Management
  • Digital Signature
  • PIN/password protection
  • Remote applet management
  • Content storage/encryption
  • Identity management
  • Secure data exchange
  • Authentication and Integrity management

Mobile Application Security, Penetration, and Secure Coding

  • Mobile applications security testing
  • Application penetration testing & ethical hacking
  • Language-specific secure software development: Objective C, C/C++, Java/JEE, HTML5, ActionScript, Ruby, and CSS
  • Digital Certificates, Digital Signatures, Keys, Trust Services, PKI, Keychain, Remote Transport Security, SSL and TLS
  • Sensitive data unprotected at rest
  • Buffer overflows and other C programming issues
  • Secure communications to servers
  • Patching your application

Mobile App Security Concepts

  • Security in mobile app development platforms
  • Overview of iOS security architecture
  • Overview of Android security architecture
  • Overview of Windows Phone 7 security architecture
  • Security features of iOS and Android
  • Keychain Services
  • Security APIs in iOS and Android
  • Assets, threats, and attacks
  • Security Technical
  • Security Testing

Securing Mobile Applications

  • Access Applications
  • VPN and Secure Storage of Data
  • Protection of Downloaded and Broadcasted Content
  • Mobile DRM
  • Service and Content Protection for Mobile Broadcast Services
  • Security Requirements
  • Authentication Applications
  • Extensible Authentication Protocol (EAP)
  • Generic Bootstrapping Architecture (GBA)
  • Public Key Infrastructure (PKI) and Certificate-based Authentication
  • Identity Selection Applications
  • Security and Trust Model of Identity Selector
  • Mobile Applications Security Feature Requirement Matrix
  • Overview of the infrastructure within the mobile application
  • Overview of Wireless Networks: Access and Core
  • Overview of Mobile Development Platforms
  • Mobile platforms security architecture
  • SSL/TLS/DTLS configurations and weaknesses
  • Google and Facebook hacking
  • Hacking Social Networks

Methods to Decompile Client-side Code

  • Objective C
  • C/C++
  • Java
  • HTML5
  • ActionScript
  • Ruby
  • CSS

Various Vulnerabilities in Mobile Environments

  • Information leakage
  • Username harvesting
  • Command injection
  • SQL injection
  • Blind SQL injection
  • Session issues
  • Hacking the keys
  • Fuzzing
  • Attacking Web services
  • Malicious applets and objects
  • Vulnerabilities in mobile applications through discovery of the client components
  • Methods for attacking mobile services
  • Methods to zombify browsers
  • Using zombies to port scan or attack internal networks
  • Explore attack frameworks
  • Walk through an entire mobile attack scenario
  • Exploit the various mobile app vulnerabilities

Advanced Mobile app Security Topics

  • Application Threats / Attacks
  • Input Validation
  • Authentication
  • Authorization
  • Configuration management
  • Sensitive information
  • Session management
  • Cryptography
  • Parameter manipulation
  • Exception management
  • Auditing and logging
  • Impact of Security on Performance
  • Attack Types and Methods to Prevent them
    • Buffer overflow
    • Cross-site scripting
    • SQL injection
    • Canonicalization
    • Network eavesdropping
    • Brute force attack
    • Dictionary attacks
    • Cookie replay
    • Credential theft
    • Elevation of privilege
    • Disclosure of confidential data
    • Data tampering
    • Luring attacks
    • Unauthorized access to administration interfaces
    • Unauthorized access to configuration stores
    • Retrieval of clear text configuration data
    • Lack of individual accountability
    • Over-privileged process and service accounts
    • Access sensitive data in storage
    • Network eavesdropping; data tampering
    • Session hijacking; session replay
    • Man in the middle
    • Poor key generation or key management
    • Weak or custom encryption
    • Query string manipulation
    • Form field manipulation
    • Cookie manipulation
    • HTTP header manipulation
    • Information disclosure; denial of service

Customer Reviews


Thanks to Xpertised and the tutor who walked me through all the topics with practical exposure, which is helping me in my current project.
-Waseem

The course was quite helpful in terms of understanding of concepts and practicality. It's really a very friendly environment to learn. The timings were mutually chosen, as we both are working professionals. I am quite satisfied with the course.
-Tanmoy
