

What you will learn

Enrollees are guided from a basic understanding of Android architecture to performing vulnerability assessments on Android applications.

After completing the course, you'll be ready to perform vulnerability assessments on any Android application.

Basic Android knowledge is an advantage. However, the course shares the required knowledge for the benefit of beginners.

There are only a handful of Android penetration testers; you will be one of them by the end of the course.

Description

The Android Penetration Testing 101 course is designed mainly for beginners who want to start their journey in Android security but have no idea how or where to start.

This course gives you complete knowledge, beginning with the Android architecture and ending with the analysis of an Android application using all the attack vectors you have learned.

In this course, we demonstrate static analysis of Android applications across all the frameworks (React Native, Java, Flutter, Cordova) with the help of unique tools such as Jadx, the JEB decompiler, and the GDA decompiler. Along with that, we demonstrate automated scanners like MobSF, from installation to dynamic analysis of the app. We also discuss the common vulnerabilities that can be identified during static analysis and the endpoints to look for.

The most exciting part of any penetration test is dynamic analysis. In this course, we discuss why mobile applications need dynamic analysis and its role in hunting vulnerabilities. We demonstrate setting up the lab for dynamic analysis (we preferred Burp Suite with Genymotion).

The primary concept in dynamic analysis is SSL pinning; we discuss all the ideas around SSL pinning and demonstrate methods of bypassing SSL pinning on Android.




We discuss excellent dynamic instrumentation tools like Frida and objection and demonstrate their setup.

In the end, we perform live dynamic analysis on an Android application and discuss the common vulnerabilities that can be identified during dynamic analysis, the endpoints to look for, and how to find sensitive information in the app's database.

To make your pentesting smoother, we provide an Android pentesting checklist, which might come in handy during your real-time analysis.

Language: English

Content

Introduction to the course

Introduction to the structure of the course

Penetration testing

What is penetration testing?
What is Android penetration testing?

Basic Android concepts

Android and its architecture
What is an APK and what is its structure?
Android components and lifecycle
What are decompilation and decompilers?

Static Analysis

What is static analysis? Why is it important?
Introduction to static analysis tools and their installation.
MobSF: Installation and introduction to MobSF.
Common vulnerabilities that can be found using static analysis

Dynamic Analysis

What is dynamic analysis and why is it important?
Dynamic analysis lab setup
What is SSL pinning, and why is it important to integrate it with the application?
Installation and introduction to Frida and Frida-tools
Bypassing SSL pinning in 3 different ways.
Demonstration of dynamic analysis

Summary and Checklist

Android penetration testing checklist
Highlights of Android Penetration Testing 201
Summary and Thank You