Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Mobile Application Security

( Duration: 3 Days )

The Mobile Application Security training course covers mobile application and device security and provides complete, current coverage of mobile application and mobile platform security. The course lays a solid foundation in basic mobile application security terminology and concepts, which is extended and built upon throughout the engagement. You will examine various recognized attacks against mobile applications and will be led through a series of advanced topics, including performance and network optimization along with advanced security topics.

By attending the Mobile Application Security workshop, delegates will learn to:

  • Understand the concepts and terminology behind mobile application security
  • Understand the basics of Cryptography, Encryption, Integrity and where they fit in the overall Mobile Application Security picture
  • Understand mobile application software vulnerabilities based on realistic threats
  • Understand the entire spectrum of threats and attacks that take place against mobile applications and mobile platforms in today’s world
  • Understand the vulnerabilities of mobile programming languages such as Objective-C and Java
  • Understand the requirements and best practices for mobile applications management
  • Understand how to find Vulnerabilities in Source Code
  • Understand the Secrets of Mobile App Pen Testing in a totally hands-on classroom environment
  • Exploit and defend real-world Mobile apps
  • Properly secure data
  • Understand best practices for authentication, authorization and integrity of data
  • Understand how to avoid security pitfalls in mobile apps
  • Understand Tools and techniques to harden applications against reverse engineering

The Mobile Application Security class is designed for mobile application developers, web application developers, mobile application penetration testers, mobile application architects and technical managers.

COURSE AGENDA

1. Mobile App Penetration Testing and Ethical Hacking

  • The Attacker’s View of the Mobile
  • Overview of the Mobile Applications from a penetration tester’s perspective
  • Overview of the various mobile platform architectures
  • Overview of different types of vulnerabilities
  • How to define a mobile application test scope and process
  • Types of mobile penetration testing
  • Methodology to Improve Mobile Application Security
  • Knowing your threats
  • Securing the network, host and application
  • Incorporating security into your software development process
  • Mobile Application Security Policy

2. Mobile Threats, Attacks, Vulnerabilities, and Countermeasures

  • Asset
  • Threat
  • Vulnerability
  • Attack (or exploit)
  • Countermeasure
  • Application Threats / Attacks

3. Key Security Requirements in the Mobile Environment

  • Certificate Storage/Management
  • Storage/Management
  • Digital Signature
  • PIN/password protection
  • Remote applet management
  • Content storage/encryption
  • Identity management
  • Secure data exchange
  • Authentication and Integrity management

4. Mobile Application Security, Penetration, and Secure Coding

  • Mobile applications security testing
  • Application penetration testing & ethical hacking
  • Language-specific secure software development: Objective-C, C/C++, Java/JEE, HTML5, ActionScript, Ruby, and CSS
  • Digital Certificates, Digital Signatures, Keys, Trust Services, PKI, Keychain, Remote Transport Security, SSL and TLS
  • Sensitive data unprotected at rest
  • Buffer overflows and other C programming issues
  • Secure communications to servers
  • Patching your application

5. Mobile App Security Concepts

  • Security in mobile app development platforms
  • Overview of iOS security architecture
  • Overview of Android security architecture
  • Overview of Windows Phone 7 security architecture
  • Security features of iOS and Android
  • Keychain Services
  • Security APIs in iOS and Android
  • Assets, threats, and attacks
  • Security Technical
  • Security Testing

6. Securing Mobile Applications

  • Access Applications
  • VPN and Secure Storage of Data
  • Protection of Downloaded and Broadcasted Content
  • Mobile DRM
  • Service and Content Protection for Mobile Broadcast Services
  • Security Requirements
  • Authentication Applications
  • Extensible Authentication Protocol (EAP)
  • Generic Bootstrapping Architecture (GBA)
  • Public Key Infrastructure (PKI) and Certificate-based Authentication
  • Identity Selection Applications
  • Security and Trust Model of Identity Selector
  • Mobile Applications Security Feature Requirement Matrix
  • Overview of the infrastructure within the mobile application
  • Overview of Wireless Networks: Access and Core
  • Overview of Mobile Development Platforms
  • Mobile platforms security architecture
  • SSL/TLS/DTLS configurations and weaknesses
  • Google and Facebook hacking
  • Hacking social networks

7. Methods to Decompile Client-side Code

  • Objective-C
  • C/C++
  • Java
  • HTML5
  • ActionScript
  • Ruby
  • CSS

8. Various Vulnerabilities in Mobile Environments

  • Information leakage
  • Username harvesting
  • Command injection
  • SQL injection
  • Blind SQL injection
  • Session issues
  • Hacking the keys
  • Fuzzing
  • Attacking Web services
  • Malicious applets and objects
  • Vulnerabilities in mobile applications found through discovery of the client components
  • Methods for attacking mobile services
  • Methods to zombify browsers
  • Using zombies to port scan or attack internal networks
  • Explore attack frameworks
  • Walk through an entire mobile attack scenario
  • Exploit the various mobile app vulnerabilities

9. Advanced Mobile App Security Topics

  • Application Threats / Attacks
  • Input Validation
  • Authentication
  • Authorization
  • Configuration management
  • Sensitive information
  • Session management
  • Cryptography
  • Parameter manipulation
  • Exception management
  • Auditing and logging
  • Impact of security on performance
  • Attack types and methods to prevent them
    • Buffer overflow
    • Cross-site scripting
    • SQL injection
    • Canonicalization
    • Network eavesdropping
    • Brute force attack
    • Dictionary attacks
    • Cookie replay
    • Credential theft
    • Elevation of privilege
    • Disclosure of confidential data
    • Data tampering
    • Luring attacks
    • Unauthorized access to administration interfaces
    • Unauthorized access to configuration stores
    • Retrieval of clear text configuration data
    • Lack of individual accountability
    • Over-privileged process and service accounts
    • Access sensitive data in storage
    • Network eavesdropping; data tampering
    • Session hijacking; session replay
    • Man in the middle
    • Poor key generation or key management
    • Weak or custom encryption
    • Query string manipulation
    • Form field manipulation
    • Cookie manipulation
    • HTTP header manipulation
    • Information disclosure; denial of service

Encarta Labs Advantage

  • One-stop corporate training solution provider for over 6,000 courses on a variety of subjects
  • All courses are delivered by industry veterans
  • Get jumpstarted from newbie to production-ready in a matter of a few days
  • Trained more than 50,000 corporate executives across the globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
