
Certified Mobile Security Tester

This three-day course is for people in a wide variety of mobile application related roles. It introduces the fundamentals of mobile application security and gives you an understanding of whether the sensitive information stored on mobile devices is sufficiently protected.

Focusing on the prevalent mobile platforms, Android and iOS, you will have access to vulnerable mobile applications on devices and emulators, and will assess their security through a series of practical hands-on exercises. The techniques gained throughout this course will enable you to understand whether the sensitive information stored on mobile devices is sufficiently protected and what the risk and exposure would be if an attacker were able to get hold of the mobile device.

WHO SHOULD ATTEND
Anyone looking to understand the fundamentals of mobile application security, including:

  • App developers
  • IT security officers
  • Penetration testers
  • Network and systems administrators

Learning Objectives

THE SKILLS YOU WILL LEARN

  • You will be led through the current OWASP Mobile Top Ten, the most critical mobile application security risks that leave organisations and their customers’ data vulnerable to attack
  • Once able to identify and exploit vulnerabilities in both iOS and Android platforms, you will be introduced to a range of defensive countermeasures, allowing you to develop applications that are more resistant to attack
  • Understand where issues might appear in a mobile application and the significance of data stored on everyday mobile devices
  • Learn to retrieve class methods by reverse engineering iOS applications, and gain the ability and confidence to reverse engineer Android applications to obtain source code
  • Learn the fundamental vulnerabilities found in mobile applications, including static and runtime analysis of the applications, insecure data storage and binary patching

KEY BENEFITS
This course will give you:

  • An understanding of whether the sensitive information stored on mobile devices is sufficiently protected and what the risk would be if the device fell into the hands of an attacker
  • The ability to use a variety of tools and techniques, including static and run-time analysis, binary patching and reverse engineering, to improve mobile application security

Pre-Requisites

A basic understanding of:

  • How the iOS and Android platforms and devices work
  • HTTP protocol
  • Programming
  • Windows and Linux command line
  • Java and Objective-C languages

Course Content

1. Security
a. iOS Security
- Secure Boot Chain
- Sandboxing
- File security
b. Android Security
- Zygote
- Sandboxing
- File Access


2. Application types: Native, Web based, Hybrid (Both)


3. Jailbreaking


4. Data in Transit
a. Setting up a proxy (Both)
b. Installing certificates
c. Certificate Pinning (Both)
d. SQL injection (Both)
e. XSS (Both)
f. URL Schemes
g. Content Providers (Android)
h. JavaScript Bridges (Android)


5. Data at Rest
a. SQLite files (Both)
b. Plist files
c. NSUserDefaults
d. Core Data
e. Keychain
f. Cookies
g. Data location (Android)


6. Static Analysis
a. Decrypting Applications
b. Position Independent Executable (PIE) Flag
c. Class Dumping
d. Binary patching
e. Automated Tools (Both)
f. Manifest file examination (Android)
g. Reverse Engineering (Android)
h. Smali code syntax (Android)
i. Java decompilation (Android)
j. Hardcoded sensitive information (Android)
k. Application backups (Android)
l. Broken Cryptography (Android)


7. Dynamic Analysis/Runtime Analysis
a. Runtime Patching (Both)
b. Runtime Manipulation
c. Automated Tools
d. Activity manager (Android)
e. Reflection (Android)


8. Side Channel Attacks
a. Screenshots
b. Cookies (Android)
c. Cache (Both)


9. Known attacks
a. Known attacks
b. Cache

Exams & Certification

WHAT QUALIFICATION WILL I RECEIVE?


Those delegates successfully passing the exam at the end of the course will be awarded the Certified Mobile Security Tester (CMST) qualification.
