Mobile Application Hacking Training
Hacking mobile apps is a great first step to gaining access to critical information and hacking the back-end. Learn how to identify security flaws in iOS & Android apps to reduce costs by implementing security features early on.
Why should you attend?
- Gain knowledge of the Android and iOS architecture setup
- Gain knowledge of security concepts and methods for protecting mobile applications
- Create a basic toolbox to perform actual security testing of dummy mobile applications
- Be able to perform basic mobile application security testing after the course
- Learn to perform several mobile application attacks like MitM and modifying application data
- Learn to identify security weaknesses in cryptography
- Learn to perform filesystem analysis
- Get access to multiple sources to develop your skills further
This is a very interactive training course with lots of exercises and demonstrations to support effective learning.
Intended Audience
This training is suitable for:
- Mobile application developers
- Pentesters
- Mobile application testers
- Software engineers
- Technical staff involved in security management
Required Skills & Expertise
A technical background and expertise are required for this course, as the training describes technical concepts in depth and requires execution of various scripts. Programming experience is not required, though useful. Experience with the Linux command line is a plus.
Program
The Mobile Security training course consists of two days. The first day is focused on Android and the second day on iOS. We start from a theoretical perspective, with practical exercises each afternoon, so you go home with a toolbox and practical experience.
Day 1 - Android
General Mobile Security (MASVS Framework)
- Key Areas according to OWASP MASVS
- General information about MASVS and its levels
- Architecture and Design (V1)
- Data Storage and Privacy (V2)
- Cryptography (V3)
- Authentication and Authorization (V4)
- Network Communication (V5)
- Interaction with the mobile platform (V6)
- Code quality and exploit mitigation (V7)
- Anti-Tampering and anti-reversing (R)
- Mobile application taxonomy
Android platform internals
- General information & Platform architecture
- Java applications vs Android applications
- Dalvik / Android runtime
- Users, permissions, file structure
- Security features in Android
- What is new in the Android security features
- Application components
Methods and tooling
- Physical device vs Emulator
- Emulator configuration
- Tooling & Test setup
- Automated tools
Workshop: Secura InsecureShop
- Reconnaissance and APK analysis
- How to identify Security Vulnerabilities?
- Root detection bypass
- Analyzing network traffic and crypto implementation
- Reverse Engineering to circumvent Certificate Pinning
- Testing application components (Content Providers, Activities, etc.)
How to perform a mobile Android application assessment?
- Guidelines and best practices to perform a security assessment.
Day 2 - iOS
iOS platform internals
- Platform architecture
- Application runtime
- Users, permissions, file structure
- Application folder structure
- Application fundamentals
- Inter-app communication (IPC)
- New security features in iOS
Security features and flaws
- Apple iOS security features
- Secure Boot
- Secure enclave
- Touch ID
- Face ID
- File data protection
- Apple iOS security flaws
- Jailbreaking
Application Fundamentals
- App development & languages
- IPA format
- iOS privilege model
- Security Consideration
Methods and tooling
- Simulator
- Tooling
- Test setup
Demo: iOS file system analysis
- Demonstration of how to analyse the file system with concrete examples
Demo: iOS application testing
- Cover the security testing of a vulnerable iOS application
Interested in the Mobile Application Hacking Training?
If you are interested in hosting this interactive and tailored workshop at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00 or email info@secura.com.

ABOUT SECURA
Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.
Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.