Android Penetration Testing 101
What you'll learn
- Enrollers are guided from the basic understanding of android architecture to Performing vulnerability assessment on android applications.
- After completion of the course, you'll be ready to perform vulnerability assessments on any android application.
- Having basic android knowledge would be more gain. However, we will be sharing the required knowledge in the course for the benefit of beginners.
- Android Penetration testers are very handful, you will be one among them at the end of the course.
- Mainly Urge to learn something new
- Computer with 8gb ram with 100gb space would be more sufficient.
- Basic Android development knowledge would be more beneficial.
Android Penetration Testing 101 course is designed mainly for beginners who want to start their journey in android security but have no idea how to create and where to start.
This course gives you complete knowledge beginning from the android architecture to the analysis of the android application with all the attack vectors you learned.
In this course, we have demonstrated static analysis of android applications concerning all the frameworks( Reactnative, Java, flutter, Cordova) with the help of unique tools such as Jadx, Jeb decompiler, and GDA decompiler. Along with that, we have demonstrated automated scanners like MOBSF from installation to the dynamic analysis of the app. Also, we have discussed the common vulnerabilities that can be identified during the static analysis and the endpoints that we can look for.
The most exciting part of any Penetration testing is Dynamic analysis; In this course, we discussed why mobile applications need dynamic analysis and its role in hunting vulnerabilities. We have demonstrated setting up the lab for dynamic analysis( we preferred a burp suite with genymotion).
The primary concept in the dynamic analysis is SSL-PINNING; we have discussed all the ideas regarding SSL-pinning and demonstrated bypassing methods of SSL in android.
We have discussed excellent dynamic illustration tools like Frida and objection and demonstrated the setup.
In the end, we have performed live dynamic analysis on the android application and discussed common vulnerabilities that, can be identified during the dynamic analysis, the endpoints that we can look for, and how to find sensitive information in the app's database.
To make your pentesting smoother, we provided an Android pentesting checklist, which might come in handy during your Real-time analysis.
Who this course is for:
- Android developers develop secured applications and perform security analysis on their applications.
Byte Theories is a group of Security Experts and malware analysts, who instruct and help organizations to improve their Infrastructure Security and their application security. We do organize security awareness programs with colleges, schools, and other important public departments to share insights on what does and doesn't in the internet world.
We follow the slogan " Spread the Knowledge for Good", so we help all the security aspirants to gain more knowledge in their domains.