Professional Documents
Culture Documents
arsenal.
MASPT at a glance:
10 highly practical modules
4 hours of video material
1200+ interactive slides
20 Applications to practice with
Leads to eMAPT certification
Most practical and up-to-date
course on Mobile Application
Security and Penetration testing
Covers Mobile OSs Security
Mechanisms and Implementations
Exposes Android and iOS
vulnerabilities in-depth
For Penetration testers, Forensers
and Mobile app developers
SYLLABUS
v1.0 (28/01/2014)
Course description:
Mobile Application Security and Penetration Testing (MASPT) is the online
training course on Mobile Application Security that gives penetration testers and
IT Security professionals the practical skills necessary to understand technical
threats and attack vectors targeting mobile devices.
The course will walk you through the process of identifying security issues on
Android and iOS Applications, using a wide variety of techniques including
Reverse Engineering, Static/Dynamic/Runtime and Network analysis.
The student will learn how to code simple iOS and Android applications step by
step. These will be necessary to fully understand mobile application security and
to build real world POCs and exploits.
Moreover, a number of vulnerable mobile applications, included in the training
course, will give the student the chance to practice and learn things by actually
doing them: from decrypting and disassembling applications, to writing fully
working exploits and malicious applications.
Organization of Contents
The student is provided with a suggested learning path to ensure the maximum
success rate and the minimum effort.
-
2.1. Android
2.1.1.Android Architecture
2.1.2.Android Security Models
2.1.2.1. Privilege Separation and
Sandboxing
2.1.2.2. File System Isolation
2.1.2.3. Storage and Database Isolation
2.1.2.4. Application Signing
2.1.2.5. Permission Model
2.1.2.6. Memory Management Security
Enhancement
2.1.2.7. Components
2.1.2.8. Google Bouncer
2.1.3.Rooting Devices
2.2. iOS
2.2.1.iOS Architecture
2.2.2.iOS Security Models
2.2.2.1. Privilege Separation
2.2.2.2. Sandbox
2.2.2.3. Code Signing
2.2.2.4. Keychain and Encryption
2.2.2.5. DEP/ASLR
2.2.2.6. Reduced OS
2.2.2.7. Security iOS Overview
2.2.3.Jailbreaking Devices
10
7.1. Debugging
7.2. LogCat
7.3. DDMS
7.4. Memory Analysis
7.4.1.DDMS
7.4.2.HPROF
7.4.3.Strings
7.4.4.Inspect HPROF Dump
7.4.5.MAT
7.5. IPC Mechanisms and App Components
7.5.1.Intents
7.5.2.Android Tools
7.5.2.1. Monkey
7.5.2.2. Activity Manager
7.5.2.3. LAB: Bypass Security Checks
7.5.3.Content Providers
7.5.3.1. Example #1
7.5.3.2. Example #2
7.5.3.3. Example #3
7.5.3.4. Query a Content Provider
7.5.3.5. Find the Correct URI
7.5.3.5.1. LAB: Content Providers
Leakage
7.5.3.6. SQL Injection
7.5.3.6.1. LAB: SQL injection
7.5.3.7. Directory Traversal
7.5.4.SharedUID
11
12
13
About eLearnSecurity
A leading innovator in the field of practical, hands-on IT security training.
Based in Pisa (Italy), Dubai (UAE) and in San Jose (USA), eLearnSecurity is a leading
provider of IT security and penetration testing courses including certifications for IT
professionals.
eLearnSecurity's mission is to advance the career of IT security professionals by
providing affordable and comprehensive education and certification.
All eLearnSecurity courses utilize engaging eLearning and the most effective mix of
theory, practice and methodology in IT security - all with real-world lessons that
students can immediately apply to build relevant skills and keep their organization's
data and systems safe.
eLearnSecurity 2014
Via Matteucci 36/38
56124 Pisa, Italy
14