AndroidApp eXploitation and Security
About:

Overview
This workshop will focus on the techniques and tools for testing the security of Android mobile
applications. During this workshop the attendees will learn about important topics such as the Android
Security model, the Android runtime, how to perform static analysis, traffic manipulation, memory
dumps, code modification and dynamic analysis from zero knowledge of the APK to full eXploitation.
By attending this workshop you will be able to perform penetration testing on Android mobile
applications and expose potential vulnerabilities in the tested application such as insecure storage,
traffic manipulation, malicious intents, authentication and authorization problems, client-side SQLi,
bad cryptography, and more.
Course Content:
1. Android Introduction and Basics
2. Android Architecture and Filesystem
3. Android Security & Kernel
    a. Linux kernel based protections
    b. Android OS specific protections
4. Permission modules and app components
    a. Activity
    b. Intents
    c. Services
    d. AndroidManifest.xml
5. The Android debug bridge
6. Signing applications for Android
7. Penetration testing
8. Reverse engineering and app analysis
9. SSL pinning bypass
10. Hands-on challenge (Introduction to Damn Insecure and Vulnerable Android App (DIVA))

Pre-requisites:
Comfortable with an Android smartphone or tablet. Knowledge of basic Linux commands and ADB commands. Self-learning and an enthusiastic attitude.