Android Application Security Testing Training

The Android Application Security Training is a “2 Day Hands-On Training”. This Training is intended for students interested in making a career in the Information Security domain and specifically into Mobile Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the mobile applications from security standpoint.
This training covers understanding the internals of android applications, Real-time testing of android applications and a strategic approach to analyse applications for OWASP Top 10 vulnerabilities Mobile security issues such as Injections, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more. This training is made of CTF based modules where the attendees will have to solve a different set of Challenges to move on to the next set of modules, giving them real time hands-on experience on pentesting mobile applications.

Trainer : Karthik Kosireddi & Nikhil

Karthik Kosireddi, with an experience of more than two decades in the IT industry has a track record of training thousands of software testing professionals across the globe. Being a tech-savvy professional, he always updates himself with the latest technological developments and in a continuous research process. He is the man behind the hybrid automation framework AnyAUT which is gaining popularity now

Course Content

Module 1

○ Introduction to Android Mobile OS
○ Android Security Architecture
○ Sandboxing Applications
○ Setting up the Android Emulator
○ Working with the Android Debug Bridge (ADB)
○ Setting up a Mobile Pentest Environment

Module 2

○ Inspecting Application Certificates & Sign&tures
○ Signing/Resigning Android Applications
○ Application Signature Verification
○ Investigating the Android App Permissions through the Manifest File
○ Application Resources Extraction using ADB

Module 3

○ Bypassing Android Permissions
○ Introduction to Drozer
○ Setting up and Running a Drozer Session
○ Enumerating Packages and their Activities
○ Enumerating Content Providers &&Serv&&es
○ Enumerating Broadcast Receivers
○ Finding Vulnerabilities using Drozer

Module 4

○ Reversing of Android Applications
○ Working with the Logcat
○ Disclosing Sensitive Information using Logcat
○ Network Traffic Inspection
○ Passive Intent Sniffing
○ Exploiting Services
○ Exploiting Broadcast Receivers
○ Exploiting Insecure Data Storage
○ Understanding the Top 10 Mobile Vulnerabilities
○ Exploiting Poor Cryptography Implementation
○ Exploiting Data Leakage Vulnerabilities
○ Exploiting the Debuggable Applications
○ Understanding the Concept of Certificate Pinning
○ Dynamically Analysing Android Applications
○ Understanding and Working with different Obfuscation Techniques
○ Static Analysis using MobSF
○ Getting into Bug Bounty Programs : BugCrowd, HackerOne
○ Learning from advance exploitation methods via Responsible Disclosures

  • Coming Soon
I assume that most of you are NEW to Testing and have no experience in writing any code. That way, I ensure that I go through from the very basic level and gradually move to advanced topics.
This is NOT Java training. However, I shall teach all that is need to successfully build, design, run and maintain Data-Driven, Keyword-Driven and Hybrid Automation frameworks through Java/JUnit.
There is a lot to learn initially on Selenium IDE, RC and GRID. We then go into programming through Java. Once you learn a flow with one language it will make things easier to adapt and learn or implement through other languages. You know how things work and what can/cannot be done.
It varies and depends on the organization implementing it.
Please refer to Welcome Pack for Selenium on the https://www.itelearn.com/member-thank-you page for detailed installation instructions.
Excellent. Visit dice or monster or CareerBuilder. Both tools have their goods and bads. Having these 2 words on your resume will help your marketing a lot.
NO. This training has a well integrated and navigates through easy to advanced topics seamlessly. This is the primary reason, it makes your concepts rock solid and you would be able to grasp and implement lot many features. Even if you are an experienced QTP professional and need to sharpen your skills, there is no shortcut. You have to go through the entire program as there are many concepts and fundamentals that you may miss otherwise.
The training program has sufficient focus on learning the required programming knowledge.
The entire training is focused on practical, hands-on, job like projects and practice.

“Selenium is an open source tool and supported by a large volunteers of open source developers. Selenium has become one of the most popular automation testing tools in the recent days. More and more organizations are adopting Selenium over other commercial software testing tools. I remember predicting Selenium will be the dominating automation tools in next 3 years. I said this in 2010 to a group of my students and it is almost reality now. Why is it so popular? It is the cost. More and more organizations are cutting cost and divorcing commercial and high cost tools like QTP, rational and MS visual suites of tools. Open source is a cost effective solution in the long run even if the learning curve is little steep. I am sure the job market for selenium will increase in 2013 and coming years.”

The scripting language used for Selenium training is Java.
It varies and depends on the organization implementing it.
  • Member Testimonials

    Vinodh GV

    one million likes from my side.. I'm just a beginner and so It helped me a lot... _/\_
    2017-06-30T12:08:52+00:00
    one million likes from my side.. I'm just a beginner and so It helped me a lot... _/\_

    Deepak Shenoy

    "Thank you for this wonderful selenium training.I had become absolutely useless(very difficult to get job with only manual testing skills).But after this training i have... Read More
    2017-06-30T12:03:08+00:00
    "Thank you for this wonderful selenium training.I had become absolutely useless(very difficult to get job with only manual testing skills).But after this training i have been flooded will calls for interview."

    satish.maddala Kumar

    Very Very Thanks For Your Valuable Information.......
    2017-06-30T12:33:38+00:00
    Very Very Thanks For Your Valuable Information.......

    Aviad Sar Shalom

    I learned QTP and Selenium with you.,I secured 2 jobs thanks to it, after passing 2 real tough technical interviews.. --The interviewer has no mercy,... Read More
    2017-06-27T11:55:28+00:00
    I learned QTP and Selenium with you.,I secured 2 jobs thanks to it, after passing 2 real tough technical interviews.. --The interviewer has no mercy, and try to tackle me no matter what,But it doesn't matter what he asked, after watching your videos, i felt that not just that i know much more than the interviewer..He cant even scratch the bottom of my knowledge.....

    Priti Pampatwar

    Very well explained... quite useful for those who are new to Framework concept in QTP. Thanks very much for this. Keep uploading such videos. 
    2017-06-30T12:36:38+00:00
    Very well explained... quite useful for those who are new to Framework concept in QTP. Thanks very much for this. Keep uploading such videos. 
  •