Android Application Hacking - Pentesting Mobile Applications

BlackHat 2013

ANDROID APPLICATION HACKING – PENTESTING MOBILE APPS

EREZ METULA, APPSEC LABS | JULY 27-28 & 29-30

OVERVIEW

This course will focus on the techniques and tools for testing the security of Android mobile applications. During this course the students will learn about important topics such as the Android Security model, the Android runtime, how to perform static analysis, traffic manipulation, memory dumps, debugging, code modification and dynamic analysis – from zero knowledge of the APK to full exploitation. Students of this course will learn how to operate and make the best of the AppUse custom VM for Android application penetration testing, from its own creators.

By taking this course you will be able to perform penetration testing on Android mobile applications and expose potential vulnerabilities in the tested application such as insecure storage, traffic manipulation, malicious intents, authentication and authorization problems, client-side SQLi, bad cryptography, and more.

THE OBJECTIVES OF THE COURSE ARE

  • Understand the Android application threat landscape
  • Perform penetration testing on Android mobile apps
  • Identify vulnerabilities and exploit them - from zero knowledge of the APK to full exploitation
  • Operate AppSec Labs' unique AppUse customized VM for Android pen-testing

WHO SHOULD TAKE THIS COURSE

Members of the security / software development team:

  • Security penetration testers
  • Android developers

PREREQUISITES:

Before attending this course, students should be familiar with:

  • Common security concepts
  • Basic knowledge of the Linux OS
  • Development background and basic knowledge of the Android development platform

TRAINER

Erez Metula is a world-renowned application security expert, spending most of his time finding software vulnerabilities and teaching developers how they should avoid them. Erez has extensive hands-on experience performing security assessments, code reviews and secure development trainings for worldwide organizations, and has previously spoken at international security conferences such as BlackHat, Defcon, OWASP, RSA, SOURCE, CanSecWest and more. His latest research on Managed Code Rootkits, presented at major conferences throughout the world, was published recently as a book by Syngress publishing. He is the founder of AppSec Labs, where he focuses on advanced application security topics. Erez holds an MSc in computer science and is a CISSP.