MASPT comes with life-time access to course material and exercises on Mobile application security.
Iscriviti per ottenere l'accesso al nostro materiale formativo e ai laboratori!
Before we dive into Security and Penetration Testing, we will introduce you to the Android environment. There are few key concepts you should be familiar with before we get started.
Prior to diving into Android Application Security, we need to have a means to examine, build, debug and run applications. For these purposes, we’ll need to install the Android Studio IDE (Integrated Development Environment).
Understanding how Android Studio compiles the code and resources into a working Android application will help you better understand how all the pieces fit together. This will also provide insight into the protection employed to guarantee the authenticity of applications and circumstances by which they can be rendered meaningless.
In this section, we’ll discuss the process of reversing Android applications. This is an important skill for anyone who wants to audit the security of third-party applications where the source code is unavailable.
Rooting is a process by which one obtains “root” or system level access to an Android device. In this module you will learn why it can be important for our security tests but also which are the implications of rooting a device.
In order to perform a thorough pentest on Android application you must know and master all its components. In this module you will study all the fundamental concepts and topics that you may encounter during your security test tasks
Mobile devices are unique in how they use networks, being almost exclusively wireless and often bouncing between cellular and Wi-Fi networks. To lower cellular data traffic, some cellular carriers provide Wi-Fi hotspots for their customers. Bad guys know this and will often set up fake Wi-Fi networks, tricking the devices into connecting. In this module you will learn how to configure your environment in order to inspect and analyze network traffic.
How securely data is stored on mobile devices has become a hot topic lately. In fact, Insecure Data Storage is second most common vulnerability, according to the OWASP Mobile Top Ten.
If you are familiar with Clickjacking in web applications, you’re already familiar with the basic concepts of Tapjacking. In a Tapjacking attack, a malicious application is launched and positions itself atop a victim application. In this module you will see some example of Tapjacking, but also how to properly develop an Application to solve this issue.
Static Code Analysis is a process for programmatically examining application code on disk, rather than while it is running. There are numerous scientifically rigorous approaches to the problems of validating that code is free of errors. In this module you will learn how to perform security tests on Android application by using different static code analysis.
Dynamic Code Analysis is the process by which code is reviewed for vulnerabilities by actually executing some or all of the code. This execution could occur in a normal environment, virtualized environment or a debugger. This type of inspection also allows you to directly observe network requests, interactions with other applications and the results of any error conditions encountered.
To understand the iOS ecosystem, we need to realize that iOS operating system is based on Darwin OS, which was originally written by Apple in C, C++ and Objective-C. Darwin is also at the heart of OSX, and thus OS X and iOS share some common foundation.
Jailbreaking is the process of actively circumventing/removing such restrictions and other security controls put in place by the operating system. This allows users to install unapproved apps (apps not signed by a certificate issued by Apple) and leverage more APIs, which are otherwise not accessible in normal scenarios.
Before we proceed, it is important to understand a few fundamental concepts unique to apple ecosystem, and more precisely related to the iOS app development process. Apple provides simulators for different hardware and iOS versions.
In this module you will learn how the iOS build process works and what are the differences between running an application on a device or the emulator.
There is an incentive for an attacker to examine and understand how the software works, so that they can then look for further weak spots or patch/manipulate those binaries to their advantage. In this module you will see which are the most used techniques and tools to successfully reverse iOS application.
In order to perform a thorough pentest on iOS applications you must know and master all its components. In this module you will study how applications are composed and what each component is useful for.
In this module you will start running your security tests against iOS Applications. Depending on the target of your tests, you will learn different techniques and use multiple tools to reach your goal.
In this module you will learn how to configure your environment in order to inspect and analyze network traffic.
iOS 6 and later versions, have a built in support for powerful device management capability with fine grain controls that allows an organization to control the corporate apple devices and data stored on it. In this module you will see which options organizations have to get clear visibility into all the active devices, ensure that the devices are in compliance, that the software running on these devices is up to date and much more.
There is a certain class of applications, that has significant amount of client side logic built into it. Typical examples include word-processing software, image editors, games, utilities etc. In such cases, there is an incentive for attackers to be able to examine and understand how the software works, so that they can then look for further weak spots in the application or bypass restrictions that are applied locally.
During the Mobile Application Security and Penetration Testing course you will have to deal with several guided labs and exercises that will help you to improve your mobile pentesting skills.
These labs are Android and iOS applications that you have to test in order to apply the techniques explained and reach the final goal. Depending on the lab you will be provided with the application installer or the source code of the application.
During your tests you will have to: Install, run and test each application, Find security issues, Develop a Proof-of-Concept (PoC) exploit for each issue found
|Lab 2||Locating Secrets||Android|
|Lab 3||Bypass Security Controls||Android|
|Lab 9||Insecure External Storage||Android|
|Lab 10||ReadExternalStorage (InsecureExternalStorage Exploit POC)||Android|
|Lab 15||FileBrowserExploit (FileBrowser Exploit POC)||Android|
|Lab 17||Leack Result||Android|
|Lab 18||Vulnerable Receiver||Android|
|Lab 19||Silly Service||Android|
|Lab 21||Starting Lab||iOS|
|Lab 22||eLS_LogIn (Reverse Engineering Lab)||iOS|
|Lab 23||eLS_LogIn (Dynamic Analysis Lab)||iOS|
|Lab 25||Secure OTP generator||iOS|
|Lab 26||SSL pinning iOS||iOS|
Dimitrios Bougioukas is a Senior IT Security researcher and instructor at eLearnSecurity and holds a B.Sc. in Computer Science from the Athens University of Economics and Business. For the past 4 years, he has worked as a Business Information Security Engineer and Information Security Analyst for a major financial institution and as a penetration tester within EY's practice. Dimitrios specializes in advanced cyber threat simulation, threat intelligence and purple team tactics. He has been engaged on numerous penetration testing activities against critical infrastructure, web applications and mobile applications. In terms of research, Dimitrios has presented at information security conferences such as BSides and has received acknowledgements from security, telecom and other major companies for finding and reporting vulnerabilities in their web applications, in a responsible manner (IBM Trusteer, LG etc.). In the context of his professional career, his work led to international and regional information security awards in prestigious and highly competitive contests such as Retail Banker International Awards.
Tony is the Director of Security Engineering in Tinder and has 20 years IT experience, including network engineering/security, systems administration, consulting and application security. He is recognized in the Android Security Acknowledgements and numerous responsible disclosure programs, such as Microsoft, Yahoo, WordPress and Uber. He is also the creator and core contributor to QARK. Speaker/Presenter: DefCon, Wall of Sheep, Black Hat London, Black Hat USA, BSides Las Vegas, DeepSec, Hack-in-The-Box, AppSec California and AppSec USA
Tushar is a security enthusiast, and currently works as a Senior Information Security Engineer at LinkedIn. He specializes in the area of application security, with a strong focus on vulnerability research and assessment of mobile applications. Previously, Tushar has worked as a security consultant at Foundstone Professional Services (McAfee) and as a Senior developer at ACI Worldwide.
His experience spans from web application secure coding to secure network design. He has contributed to the Joomla project as a Developer and has conducted a number of assessments as a freelance. Francesco Stillavato's research is now focused on Mobile Application Penetration Testing on Android and iOS. Publications: Francesco is the co-author of the Penetration testing course Professional, Mobile Application Security and Penetration Testing, Penetration Testing Student and author of all Hera Lab scenarios.
Iscriviti per ottenere l'accesso al nostro materiale formativo e ai laboratori!