Android Application Security Testing Training

The Android Application Security Training is a “2 Day Hands-On Training”. This Training is intended for students interested in making a career in the Information Security domain and specifically into Mobile Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the mobile applications from security standpoint.
This training covers understanding the internals of android applications, Real-time testing of android applications and a strategic approach to analyse applications for OWASP Top 10 vulnerabilities Mobile security issues such as Injections, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more. This training is made of CTF based modules where the attendees will have to solve a different set of Challenges to move on to the next set of modules, giving them real time hands-on experience on pentesting mobile applications.

Trainer : Karthik Kosireddi & Nikhil

Karthik Kosireddi, with an experience of more than two decades in the IT industry has a track record of training thousands of software testing professionals across the globe. Being a tech-savvy professional, he always updates himself with the latest technological developments and in a continuous research process. He is the man behind the hybrid automation framework AnyAUT which is gaining popularity now

Course Content

Module 1

○ Introduction to Android Mobile OS
○ Android Security Architecture
○ Sandboxing Applications
○ Setting up the Android Emulator
○ Working with the Android Debug Bridge (ADB)
○ Setting up a Mobile Pentest Environment

Module 2

○ Inspecting Application Certificates & Sign&tures
○ Signing/Resigning Android Applications
○ Application Signature Verification
○ Investigating the Android App Permissions through the Manifest File
○ Application Resources Extraction using ADB

Module 3

○ Bypassing Android Permissions
○ Introduction to Drozer
○ Setting up and Running a Drozer Session
○ Enumerating Packages and their Activities
○ Enumerating Content Providers &&Serv&&es
○ Enumerating Broadcast Receivers
○ Finding Vulnerabilities using Drozer

Module 4

○ Reversing of Android Applications
○ Working with the Logcat
○ Disclosing Sensitive Information using Logcat
○ Network Traffic Inspection
○ Passive Intent Sniffing
○ Exploiting Services
○ Exploiting Broadcast Receivers
○ Exploiting Insecure Data Storage
○ Understanding the Top 10 Mobile Vulnerabilities
○ Exploiting Poor Cryptography Implementation
○ Exploiting Data Leakage Vulnerabilities
○ Exploiting the Debuggable Applications
○ Understanding the Concept of Certificate Pinning
○ Dynamically Analysing Android Applications
○ Understanding and Working with different Obfuscation Techniques
○ Static Analysis using MobSF
○ Getting into Bug Bounty Programs : BugCrowd, HackerOne
○ Learning from advance exploitation methods via Responsible Disclosures

  • Coming Soon
I assume that most of you are NEW to Testing and have no experience in writing any code. That way, I ensure that I go through from the very basic level and gradually move to advanced topics.
This is NOT Java training. However, I shall teach all that is need to successfully build, design, run and maintain Data-Driven, Keyword-Driven and Hybrid Automation frameworks through Java/JUnit.
There is a lot to learn initially on Selenium IDE, RC and GRID. We then go into programming through Java. Once you learn a flow with one language it will make things easier to adapt and learn or implement through other languages. You know how things work and what can/cannot be done.
It varies and depends on the organization implementing it.
Please refer to Welcome Pack for Selenium on the https://www.itelearn.com/member-thank-you page for detailed installation instructions.
Excellent. Visit dice or monster or CareerBuilder. Both tools have their goods and bads. Having these 2 words on your resume will help your marketing a lot.
NO. This training has a well integrated and navigates through easy to advanced topics seamlessly. This is the primary reason, it makes your concepts rock solid and you would be able to grasp and implement lot many features. Even if you are an experienced QTP professional and need to sharpen your skills, there is no shortcut. You have to go through the entire program as there are many concepts and fundamentals that you may miss otherwise.
The training program has sufficient focus on learning the required programming knowledge.
The entire training is focused on practical, hands-on, job like projects and practice.

“Selenium is an open source tool and supported by a large volunteers of open source developers. Selenium has become one of the most popular automation testing tools in the recent days. More and more organizations are adopting Selenium over other commercial software testing tools. I remember predicting Selenium will be the dominating automation tools in next 3 years. I said this in 2010 to a group of my students and it is almost reality now. Why is it so popular? It is the cost. More and more organizations are cutting cost and divorcing commercial and high cost tools like QTP, rational and MS visual suites of tools. Open source is a cost effective solution in the long run even if the learning curve is little steep. I am sure the job market for selenium will increase in 2013 and coming years.”

The scripting language used for Selenium training is Java.
It varies and depends on the organization implementing it.
  • Member Testimonials

    ram

    thank u so much Karthik... i am manual tester, my orgainasation wants me to learn qtp at my own , your session would be a... Read More
    2017-06-30T12:13:06+00:00
    thank u so much Karthik... i am manual tester, my orgainasation wants me to learn qtp at my own , your session would be a great help for me..

    kartik pai

    Good one.. Was in search of this for getting some basic info 🙂
    2017-06-30T12:38:17+00:00
    Good one.. Was in search of this for getting some basic info 🙂

    Ramakishna rao angara

    The project is really good and can be recommended for those who wants to QA or Automation testing and those who wants to upgrade their... Read More
    2017-08-07T06:58:04+00:00
    The project is really good and can be recommended for those who wants to QA or Automation testing and those who wants to upgrade their skills in this area. The teaching no doubt fantastic and really made me 100% involvement in to subject/project.We really enjoyed and learned,shared,reviewed Test cases,Test Scenarios,as a Team and implemented the suggestions given by Karthik and Manoj. From my side I felt some time audio breaks that's it otherwise fantastic program.

    Silvi Thomas

    I really enjoyed working on the project but was little bit disappointed when only 2 people were active out of 7. That was a real... Read More
    2017-08-07T06:40:53+00:00
    I really enjoyed working on the project but was little bit disappointed when only 2 people were active out of 7. That was a real challenge as we couldn't complete the project as per our test plan. This project has increased my confidence and I feel that I can talk about my project confidently. Thank you for your support and encouragement.

    Reena Rani

    This is Reena here from MOST IV Batch. Thank you so much for providing the wonderful and awesome training on software testing tools. When I... Read More
    2017-06-30T11:38:01+00:00
    This is Reena here from MOST IV Batch. Thank you so much for providing the wonderful and awesome training on software testing tools. When I joined first, I had only basic manual testing knowledge. But now I feel so much confident. I got my first job as an automation tester. Though this is temporary position but I m still very happy that at least the journey has been started. Every one is happy with my work. We are using Selenium with Codeception and Php unit. This is my third week in the job. I personally wanted to thank you to make me eligible by showing the right path in this journey. I really enjoyed the learning here with you. Thanks once again.