In this one-day practical training course we will cover how we, as technology professionals, can test for security issues, which will enable us to build more secure Android applications. This training will take the path of break-it-fix-it, where we will see, using real-world Android application demos, how attackers identify security issues, what the impact of these issues can be to the business, and how to remediate and prevent these issues from occurring in the future.
Additionally, we’ll look at topics included in the OWASP Mobile Top 10 and much more. For example, how to reverse engineer Android applications, deobfuscation techniques, insecure data storage, insecure communication and authentication, and improper use of the Android platform and frameworks.
After the course you will be ready to test and identify Android application security issues and, more importantly, build applications which are secure from the ground up.
- Setting up an Android security testing environment
- Analyzing APKs for security issues
- Static and Dynamic analysis
- Insecure Network Communication
- Common coding mistakes seen in the wild
- OWASP Mobile Top 10
- No prior knowledge of Android application security is required to attend this course
- AndroL4B VM (https://github.com/sh4hin/Androl4b) installed as a virtual machine
- Genymotion with Android images of 4.4.1 and 6.0
- Some Linux command line knowledge is recommended
- Python scripting knowledge is a plus, but not a necessity