Exploiting Android Apps for beginners - Check Apps Security

Has the right balance of theory and hands-on. Good set of tools discussed. Offered by leaders in Mobile App Security.
3.8 (5 ratings) Instead of using a simple lifetime average, Udemy calculates a
course's star rating by considering a number of different factors
such as the number of ratings, the age of ratings, and the
likelihood of fraudulent ratings.
65 students enrolled
$19
$20
5% off
Take This Course
  • Lectures 68
  • Length 10 hours
  • Skill Level Beginner Level
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion
Wishlisted Wishlist

How taking a course works

Discover

Find online courses made by experts from around the world.

Learn

Take your courses with you and learn anywhere, anytime.

Master

Learn and practice real-world skills and achieve your goals.

About This Course

Published 12/2015 English

Course Description

If you at any point of time in your career or academia surfaced information security, you know for a fact that security analysis is not only about thorough understanding of a system but also includes a good list of tools and techniques to analyze that particular system. Unlike network and web, mobile security is a recent phenomenon. In order to analyze mobile application, one should understand the underlying architecture, security model, development frameworks and the relevant tools.

This course deals with applications within the most widely used mobile OS, Android. The course introduces underlying Android architecture, its permission model and the default security measures in place. It deals with developer tools like Eclipse, Android Studio, Android Debug Bridge or ADB, UI Automator and Monkey Runner, along with tools and techniques for Network Analysis.

As a part of reversing and malware analysis, static and dynamic techniques have been discussed. Pentesting an Android App is has also been discussed. Issues like unintended data leakage, insecure data storage and tools like Burp Intruder & Metasploit have also been covered. The course concludes by discussing Android best practices for security.

To conclude, this course deals with Android security concepts and discusses the relevant tools in detail to exploit an Android application.

What are the requirements?

  • Android Dev Environment
  • Linux OS

What am I going to get from this course?

  • Understand Android's Architecture and Security Model
  • Get familiar with tools for development, reverse engineering and security analysis
  • Pentesting Android Apps

What is the target audience?

  • Existing security professional trying to get into Mobile App Security in general and Android security in personal
  • Students in Security specialization
  • Android developers
  • Members of QA team testing Android Apps

What you get with this course?

Not for you? No problem.
30 day money back guarantee.

Forever yours.
Lifetime access.

Learn on the go.
Desktop, iOS and Android.

Get rewarded.
Certificate of completion.

Curriculum

Section 1: Introduction
Importance of Information Security
Preview
07:14
Mobile First and State of the Art Product Design
Preview
07:36
Need for Mobile Security and OWASP Top 10
10:21
Basic Terminologies in Information Security
08:47
About CIA Triad
07:04
Introduction to Cryptography
11:46
Hashing and Digital Signature
13:53
Digital Certificates and PKI
12:59
TLS_SSL_Protocol and Handshake Process
06:57
DoS and DDoS attack
07:42
AAA
07:50
Password Security
07:44
Access Control
04:40
Section 2: Android Architecture and Security Model
A Brief about Android
11:52
Android Bootup Process
07:27
Android Architecture
07:54
Android Data Structure and File system
13:24
Android Logging and Logcat
13:48
Android Apps
07:08
Android Security Model
10:42
Android Permissions
08:53
Security Compliance w.r.t. Android Framework and Java
07:24
Google Bouncer
04:29
Section 3: Getting Familiar with Android Developer Tools
Eclipse IDE and Andorid Studio
19:15
Android Debug Bridge
06:42
UIAutomator and MonkeyRunner
11:40
Section 4: Interacting with an Android Device
Difference between an Android device and an Emulator
04:42
Interacting with Android device via USB
04:02
SSH
06:51
VNC
06:54
Rooting Android Device
08:59
BusyBox
05:30
Section 5: Android Network Analysis
Setting up a Proxy for Android Emulator
05:54
Setting Up a Proxy for Android Device
04:52
Installing CA Certificate
06:44
MITM and SSL MITM Attacks: PART 1
16:23
MITM and SSL MITM attacks PART 2
09:15
Data Manipulation
06:13
Section 6: Android Reversing and Malware Analysis
APK Files in a Nut Shell
10:49
Intro to Reverse Engineering
06:52
Reversing to Get the Source Code
07:25
Using APKTool for Reverse Engineering
09:26
Introduction to Android Malwares
09:04
Dynamic vs Static Analysis
04:08
Static Analysis of Android Malwares
17:58
Introduction to Android Tamer
06:07
Dynamic Analysis with DroidBox
08:23
Dynamic Analysis of Android Malwares
10:11
Section 7: Android Application Pentesting and Exploitation
Introduction to Android Pentests
04:32
Fuzzing Android Apps with Burp Proxy
04:52
Fuzzing Android Apps with Burp Intruder
11:44
Attacking authentication
08:00
Content Provider Leakage
10:25
Client Side Injection
08:14
Insecure Data Storage - Shared Preferences
08:52
Insecure Data Storage - SQLite Databases
08:11
Unintended Data Leakage
10:30
Broken Cryptography
15:17
Automated Security Assessments with Drozer
14:37
Exploiting Android Devices Using Metasploit
12:04
Section 8: Android Device and Data Security
Android Device Protection
06:43
Bypassing Android Locks
10:46
Android Data Extraction
09:19
Section 9: Using Android as a Pentesting Tool
A Look into Commonly used Hacking and Pentesting Apps
10:59
PWN Pad on Nexus 7
04:47
Kali Linux on Android
04:01
Section 10: Conclusion
Android Security Practices
08:22
Course Summary and Revision
05:30

Students Who Viewed This Course Also Viewed

  • Loading
  • Loading
  • Loading

Instructor Biography

CEO Toshendra Sharma, Entrepreneur in Security & Blockchain

I am a founder & CEO at RecordsKeeper, a Blokchain-based record keeping solution for businesses & individuals.

Earlier I founded Appvigil (Wegilant) in Nov 2011 along with pursuing my Masters in Application Security from IIT Bombay, India. Appvigil is the Mobile App Security Scanner on Cloud. Appvigil also offers security audit services for mobile devices and applications, and compliance of IT regulations. I was heading the team as Chief Executive Officer. Company has won NASSCOM Emerge 50 Award 2014 one of the biggest award in India. Company got incubation in IIT Bombay's Business Incubator SINE in August 2013.

During Wegilant & before that, I have trained 15000+ students in 5+ years across various college campuses in India. I have also written a book on AVR Micro-controller with the name "Robotics with AVR".

I was the part of Forbes India 30Under30 List of 2016 in Technology space.

Ready to start learning?
Take This Course