Android App Penetration Testing


Android pentesting is like most jobs in Mobile Pentesting that you need to know some basics and have certain skills before you can begin to get deep into the field.

A good starting point for building up the necessary skill set is checking out
the Open Web Application Security Project (OWASP) Top Ten lists.
OWASP publishes a list of the Top Ten Web Application Vulnerabilities and the Mobile Top Ten. Becoming familiar with the vulnerabilities included in these lists is a great way to start getting into Android Pentesting.
Many automated tools exist for Android and web app penetration testing and knowledge of how to run them and process their output is important for a pentester. However, at some point it will be necessary to look at the source code of some application on the target machine.
The ability to read, if not write Java and Objective-C is helpful for a Mobile penetration tester evaluating Android mobile devices. Unlike black-hat hacking where the primary goal is finding a way into the target, the primary goal of penetration testing is helping your client fill the gaps in their security. Hackers only have to find one vulnerability in a system,
pentesters need to find as many as possible, so a lot of time is spent performing the same old basic tests before moving on to the “cool stuff.

In order to get started, an aspiring android pentester needs to make some decisions about the testing environment (whether to use emulators or real devices as targets) and set up a pentesting machine with the right tools for the job.

Android Pentesting Tools for pentesters , many tools have been developed to aid in the hacking process. At a minimum, an emulator is necessary in order to gain familiarity with a variety of target platforms, but other tools
have also been developed to automate common steps. In general, a Linux orMac computer is a better choice than a Windows one for mobile pentesting, as Unix-based systems have better support for the available tools.

Required Tools
1 Apktool
2 dex2jar
4 Burp suite
5 Android Debug Bridge (ADB)
6 Drozer Security Framework
7 Santoku Operating System
8 Genymotion Emulator

After setting up a toolkit and getting some experience in mobile pentesting, the final step in the process is preparing a resume for a
Android pentesting position.

Any previous work experience, CTF-related experience and pentesting
projects should be included in your resume when applying for a position
as Android pentester.

Android penetration testing requires both knowledge of web application vulnerabilities and mobile-specific vulnerabilities, tools and techniques. A variety of training courses and certifications are available to start the aspiring android penetration tester off, but in the end, practice is essential to mastery. By starting with web-application penetration testing and branching out to android specific vulnerabilities, a student can build up
the background knowledge necessary to land a position as a android penetration tester.


Course Curriculum

Introduction to Android
Overview FREE 00:06:00
Android Versions and history 00:11:00
Android Architecture FREE 00:06:00
Android Security Architecture FREE 00:02:00
Android App development cycle 00:04:00
Android Application components 00:09:00
Lab Setup
Genymotion Emulator and Santoku Operating System (Part-1) 00:04:00
Genymotion Emulator and Santoku Operating System (Part-2) 00:15:00
Playing With Apk
Android debugging 00:05:00
Unzipping android application 00:07:00
Reversing android application 00:08:00
Application signing and building 00:05:00
Android Pinning 00:03:00
OWASP Mobile Top 10
OWASP Mobile top 10 00:07:00
DIVA Intro
Damn Insecure and vulnerable app(DIVA) 00:00:00
Insecure logging 00:09:00
Hard coding issues 00:00:00
insecure data storage 00:18:00
Input Validation Issue (Part-1) 00:05:00
Input validation issue (Part-2) 00:04:00
Access Control Issue (Part-1) 00:10:00
Access control issue (Part-2) 00:05:00
Android Penetration Testing Project 00:00:00

Course Reviews


1 ratings
  • 5 stars1
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0
  •  499.00
  • Course Certificate
© Cosmic Skills Edu LLP . All rights reserved.
WhatsApp chat