GIAC Mobile Device Security Analyst (GMOB)

SANS SEC575, titled “iOS and Android Application Security Analysis and Penetration Testing,” is a course that focuses on mobile device security analysis and penetration testing for both iOS and Android platforms. Here’s a summary of the key points:

Course Highlights:

• Duration: 6 days (available in-person or online)
• CPEs: 36
• Target Audience: Individuals interested in mobile device security, mobile app security, and penetration testing
• GIAC Mobile Device Security Analyst (GMOB) Certification: The course leads to the GMOB certification, which focuses on mobile device and application security.

What You Will Learn:

• Understand the security strengths and weaknesses of Apple iOS and Android devices, including the latest versions.
• Evaluate the security of built-in and third-party mobile applications.
• Learn to bypass platform encryption and manipulate apps to circumvent client-side security techniques.
• Use automated and manual mobile application analysis tools to identify vulnerabilities in mobile app network traffic, file system storage, and inter-app communication channels.
• Work with mobile malware samples to assess data exposure and access threats for both Android and iOS devices.
• Learn to bypass locked screens to exploit lost or stolen devices.
• Leverage Corellium for Android and iOS emulation to perform hands-on penetration testing in a realistic environment.
• Effectively communicate threats and vulnerabilities to key stakeholders.
• Utilize industry standards like the OWASP Mobile Application Security Verification Standard (MASVS) for assessing mobile applications.

The Importance of Mobile Device Security:

• Mobile devices are a significant attack surface in most organizations, and their security is crucial.
• These devices store sensitive and critical data, are frequently on the move, and have various wireless technologies, making them susceptible to attacks.
• Organizations often lack the skills needed to assess and secure their mobile devices effectively.

The Corellium Platform:

• Corellium is used for Android and iOS penetration testing in a realistic environment.
• It allows students to create virtualized iOS and Android devices with full root access, even on the latest versions.
• Students can test their skills in their browser while having full SSH/ADB access and access to powerful tools.

Course Structure:

• The course covers iOS and Android, as well as static and dynamic application analysis, penetration testing, and includes a hands-on Capture-the-Flag event.

GIAC Mobile Device Security Analyst (GMOB) Certification:

• The GMOB certification focuses on assessing and managing mobile device and application security, mitigating mobile malware, and addressing issues related to stolen devices.

Prerequisites:

• Experience with programming in any language is recommended.
• Basic understanding of programming concepts such as conditional statements, variables, loops, and functions.
• Familiarity with Linux and terminal commands.
• Basic knowledge of penetration testing concepts (such as those taught in SANS SEC504: Hacker Tools, Techniques, and Incident Handling) is helpful.

In summary, SEC575 equips individuals with the knowledge and skills needed to assess and secure mobile devices and mobile applications on both iOS and Android platforms. The course culminates in the GIAC Mobile Device Security Analyst (GMOB) certification, demonstrating expertise in mobile device security.