Overview
-
Get a structured, comprehensive approach for testing Android apps. Learn how to leverage key penetration testing tools and frameworks to uncover common security vulnerabilities.
Syllabus
-
Introduction
- Pentesting Android apps
- What you should know
- Overview of Android
- Activity and services
- Content providers and receivers
- Web vs. Android security
- Domains of Android security
- Common terminologies
- Lab setup
- Introduction to MobSF
- Setting up MobSF
- Scanning target applications
- Manifest analysis
- Code analysis
- Introduction to Burp Suite
- Burp Suite setup on workstation
- Burp Suite setup on test device
- Application testing: Brute force
- Application testing: Password change
- Introduction to Android Debug Bridge
- Basic adb commands
- Testing platform: Insecure logging
- Testing platform: Insecure data storage
- Introduction to drozer
- drozer architecture
- drozer setup
- Sieve application overview
- Basic commands
- Activity testing
- Content provider testing
- Content provider testing: SQL injection
- Mobile OWASP Top 10
- Next steps
