Full course

Mobile Application Penetration Testing

This course provides tools and methodology for conducting a security assessment of a mobile application using a "black box" approach, simulating the activities performed by a potential attacker. It includes practical exercises conducted on intentionally vulnerable apps.

Details

Course overview

The objective of this course is to teach participants the knowledge and skills required to perform effective security assessments of mobile applications. Using a "black box" testing methodology, the training will guide participants through the process of evaluating the security posture of mobile apps, without requiring prior access to the underlying source code. Participants will be introduced to a suite of tools and techniques, enabling them to systematically discover and address potential security weaknesses. This course is aimed at auditors and security specialists.

Requirements

  • Basic knowledge of mobile application architecture and functioning

  • Curiosity about hacking and cybersecurity topics.

Course content

  • Introduction to Application Security: An overview of fundamental concepts in application security.

  • Overview of Mobile Application Testing Methodology: Understanding the methodology for testing mobile applications.

  • Tools and Resources: Introduction to various tools and resources available for conducting mobile application security assessments.


  • Jailbreaking and Rooting Devices: Exploring techniques for bypassing device security mechanisms.

  • Decompiling the Application and Static Code Analysis: Techniques for analyzing the code of a mobile application.

  • Intercepting Network Traffic and testing Communication Security: Strategies for testing the security of communication channels.


  • Analyzing Data stored by the Application on the Device: Techniques for examining data stored locally by the application.

  • Testing Local Authentication Mechanisms: Strategies for assessing the security of local authentication methods.

  • Testing Input Validation: Techniques for evaluating the security of input validation mechanisms.


  • Testing Interaction with third-party Applications: Assessing the security implications of interactions with third-party applications.

  • Testing Improper use of Platform Features: Strategies for identifying and mitigating security risks arising from improper use of platform features.

  • Testing Backend Security (APIs and Web services): Techniques for assessing the security of backend systems and services.


Your instructor

  • TBD Senior Instructor

Other courses
  • Full course

    Build Secure Android Applications

    Defensive
    ~24 hours
    Online

    This intensive course, ideal for Android application developers, aims to demonstrate methods and approaches for developing secure Android native mobile apps. It includes practical exercises, based on Android applications.

    DISCOVER MORE
  • best-seller

    Full course

    Build Secure .NET Web Applications

    Defensive
    ~32 hours
    Online

    This intensive course, ideal for .NET application developers, aims to demonstrate methods and approaches for developing secure .NET web applications. It includes practical exercises, based on .NET web applications.

    DISCOVER MORE
  • Full course

    Build Secure iOS Applications

    Defensive
    ~24 hours
    Online

    This intensive course, ideal for iOS application developers, aims to demonstrate methods and approaches for developing secure iOS native mobile apps. It includes practical exercises, based on Android applications.

    DISCOVER MORE
  • best-seller

    Full course

    Build Secure Java Web Applications

    Defensive
    ~32 hours
    Online

    This intensive course, ideal for Java application developers, aims to demonstrate methods and approaches for developing secure Java web applications based on the Spring framework. It includes practical exercises, based on Java Spring web applications.

    DISCOVER MORE
  • Full course

    Build Secure PHP Web Applications

    Defensive
    ~32 hours
    Online

    This intensive course, ideal for PHP application developers, aims to demonstrate methods and approaches for developing secure PHP web applications. It includes practical exercises, based on applications developed in PHP.

    DISCOVER MORE
  • Full course

    Build Secure Web Applications

    Defensive
    ~32 hours
    Online

    This generic course, ideal for web developers, aims to demonstrate methods and approaches for developing secure software. During the course, the main errors leading to application vulnerabilities will be highlighted, along with techniques to prevent them.

    DISCOVER MORE
  • Full course

    Cloud Security Fundamentals

    Fundamentals
    ~16 hours
    Online

    This course is designed to train participants on the security issues related to cloud services. The course will cover the main security threats as well as best practices for proactively defend cloud assets (infrastructure, applications, etc.).

    DISCOVER MORE
  • Full course

    Cyber Security Fundamentals

    Fundamentals
    ~24 hours
    Online

    This awareness course aims to provide theoretical foundations of cybersecurity through a comprehensive coverage of associated topics. Starting from the fundamentals of cybersecurity, participants will learn key concepts through theoretical discussions and real-life examples.

    DISCOVER MORE
  • Full course

    Ethical Hacking Fundamentals

    Fundamentals
    ~32 hours
    Online

    This course provides tools and methodology for conducting a security assessment through a comprehensive coverage of associated topics. Starting from the basics of cybersecurity, participants will learn key concepts through theoretical discussions and practical exercises drawn from real-life.

    DISCOVER MORE
  • Full course

    Web Application Penetration Testing

    Offensive
    ~32 hours
    Online

    This course provides tools and methodology for conducting a security assessment of a web application using a "black box" approach, simulating the activities performed by a potential attacker. It includes practical exercises conducted on intentionally vulnerable apps.

    DISCOVER MORE