Android Application Security Testing Training

The Android Application Security Training is a “2 Day Hands-On Training”. It is intended for students interested in making a career in the Information Security domain, and specifically in the Mobile Security domain. The training involves real-world scenarios that every security professional must be well versed in. It involves decompiling, real-time analysis and testing of mobile applications from a security standpoint.
This training covers the internals of Android applications, real-time testing of Android applications, and a strategic approach to analysing applications for OWASP Top 10 vulnerabilities and mobile security issues such as injections, insecure APIs, insecure logging, insecure communication, insufficient cryptography, insecure authentication, poor code quality and many more. The training is made up of CTF-based modules in which attendees have to solve a different set of challenges to move on to the next set of modules, giving them real-time hands-on experience of pentesting mobile applications.

Trainer : Karthik Kosireddi & Nikhil

Karthik Kosireddi, with more than two decades of experience in the IT industry, has a track record of training thousands of software testing professionals across the globe. A tech-savvy professional, he keeps himself updated with the latest technological developments and is engaged in continuous research. He is the man behind the hybrid automation framework AnyAUT, which is now gaining popularity.

Course Content

Module 1

○ Introduction to Android Mobile OS
○ Android Security Architecture
○ Sandboxing Applications
○ Setting up the Android Emulator
○ Working with the Android Debug Bridge (ADB)
○ Setting up a Mobile Pentest Environment

Module 2

○ Inspecting Application Certificates & Signatures
○ Signing/Resigning Android Applications
○ Application Signature Verification
○ Investigating the Android App Permissions through the Manifest File
○ Application Resources Extraction using ADB

Module 3

○ Bypassing Android Permissions
○ Introduction to Drozer
○ Setting up and Running a Drozer Session
○ Enumerating Packages and their Activities
○ Enumerating Content Providers & Services
○ Enumerating Broadcast Receivers
○ Finding Vulnerabilities using Drozer

Module 4

○ Reversing of Android Applications
○ Working with the Logcat
○ Disclosing Sensitive Information using Logcat
○ Network Traffic Inspection
○ Passive Intent Sniffing
○ Exploiting Services
○ Exploiting Broadcast Receivers
○ Exploiting Insecure Data Storage
○ Understanding the Top 10 Mobile Vulnerabilities
○ Exploiting Poor Cryptography Implementation
○ Exploiting Data Leakage Vulnerabilities
○ Exploiting the Debuggable Applications
○ Understanding the Concept of Certificate Pinning
○ Dynamically Analysing Android Applications
○ Understanding and Working with different Obfuscation Techniques
○ Static Analysis using MobSF
○ Getting into Bug Bounty Programs : BugCrowd, HackerOne
○ Learning from advanced exploitation methods via Responsible Disclosures

I assume that most of you are NEW to Testing and have no experience in writing any code. That way, I ensure that I go through from the very basic level and gradually move to advanced topics.
This is NOT Java training. However, I shall teach all that is needed to successfully build, design, run and maintain Data-Driven, Keyword-Driven and Hybrid Automation frameworks through Java/JUnit.
There is a lot to learn initially on Selenium IDE, RC and GRID. We then go into programming through Java. Once you learn a flow with one language it will make things easier to adapt and learn or implement through other languages. You know how things work and what can/cannot be done.
It varies and depends on the organization implementing it.
Please refer to Welcome Pack for Selenium on the https://www.itelearn.com/member-thank-you page for detailed installation instructions.
Excellent. Visit dice or monster or CareerBuilder. Both tools have their goods and bads. Having these 2 words on your resume will help your marketing a lot.
NO. This training is well integrated and navigates seamlessly from easy to advanced topics. This is the primary reason it makes your concepts rock solid, and you will be able to grasp and implement many features. Even if you are an experienced QTP professional and need to sharpen your skills, there is no shortcut. You have to go through the entire program, as there are many concepts and fundamentals that you may otherwise miss.
The training program has sufficient focus on learning the required programming knowledge.
The entire training is focused on practical, hands-on, job like projects and practice.

“Selenium is an open source tool and supported by a large volunteers of open source developers. Selenium has become one of the most popular automation testing tools in the recent days. More and more organizations are adopting Selenium over other commercial software testing tools. I remember predicting Selenium will be the dominating automation tools in next 3 years. I said this in 2010 to a group of my students and it is almost reality now. Why is it so popular? It is the cost. More and more organizations are cutting cost and divorcing commercial and high cost tools like QTP, rational and MS visual suites of tools. Open source is a cost effective solution in the long run even if the learning curve is little steep. I am sure the job market for selenium will increase in 2013 and coming years.”

The scripting language used for Selenium training is Java.
  • Member Testimonials

    MrPocorico

    Hiya Karthik ....As usual many thanks for your teachings about all your SELENIUM videos. I have been reading books ect, for a year ..!!!! and in one week doing your videos I have learned more than that.I feel very confident with my newly gained  knowledge. Lets hope I can get a got..!!!..can you expand on “ Job Interviews “ and marked demands a bit more.Again many thanks.

    killadagorsa

    "Thx alot...Actually am trying to learn Framework.... This is best video who are the begineers to QTP Framework U r xplanning in a good way...Thx alot CAn we get more videos on framework "

    Julie Davis

    "Hi Karthik Sir, The way you teach is amazing. Things look very easy whenever I see your Tutorial. I can just say God Bless You a lot. Thanks "

    Padmaja Uppati

    I am glad to say that I cracked the CFTL exam a week ago.Thank you very much

    Amar Sindol

    Karthik,u r really great in explaining, superb videos, have learnt some techniques n watching the chain to become an expert,thnx a lot