In today’s rapidly evolving tech landscape, mobile application security is more critical than ever. As a security enthusiast or professional, understanding how to safeguard mobile applications is a valuable skill. Let me walk you through a comprehensive course on Mobile Application Penetration Testing, designed to equip you with the knowledge and tools necessary to secure both iOS and Android apps.

Course Overview

This course delves into the intricacies of mobile application penetration testing, focusing on the Android and iOS platforms. It covers a range of techniques to extract sensitive data from applications, such as API keys, stored secrets, and Firebase databases. Whether you’re looking to start a career as a Mobile Application Penetration Tester or want to engage in bug bounty hunting, this course lays a solid foundation for your journey.

Requirements

Before diving into the course, it’s important to ensure you meet the following prerequisites:

General Requirements:

  • Basic understanding of web application or API-based penetration testing.
  • Familiarity with mobile platforms like iOS and Android, including navigating settings and installing applications.

Android Section:

  • A machine running Windows, Linux, or macOS
  • At least 16 GB of RAM
  • A minimum of 250 GB available storage

iOS Section:

  • A macOS-based machine (MacBook, Mac Mini, etc.) or a Linux-based physical machine with 16 GB of RAM and 250 GB available storage
  • A physical iPhone or iPad running iOS 16.x or earlier (for jailbreaking purposes)

What Will You Learn?

Here’s a brief overview of the key skills and knowledge you’ll gain from the course:

  • Penetration Testing Processes: Understand both general and mobile-specific penetration testing methodologies.
  • Lab Environment Setup: Learn how to set up a lab to analyze iOS and Android applications from the Apple and Google Play Stores.
  • Manual and Automated Analysis: Perform manual analysis to find sensitive information and use tools like MobSF for automated analysis.
  • Breaking SSL Pinning: Use Objection and Frida to bypass SSL pinning on both iOS and Android.
  • OWASP Top Ten for Mobile: Familiarize yourself with the OWASP Top Ten Mobile security risks.
  • Jailbreaking iOS Devices: Gain hands-on experience in jailbreaking iOS devices.

Course Curriculum Highlights

The course is structured into several key sections, totaling 9 hours of content:

  1. Introduction and Course Resources: An overview of the course, including resource materials and device requirements.
  2. Penetration Testing Process: Detailed processes for both general and mobile-specific penetration testing.
  3. Android Security Architecture: In-depth exploration of Android security architecture and application signing processes.
  4. Additional Sections: Covering topics such as manual and automated analysis, SSL pinning, and more.

Membership Benefits

This course is part of an All-Access Membership that starts at just $29.99/month. With this membership, you’ll get full access to this course as well as the entire course catalog, including the popular Practical Ethical Hacking course.


Reviews by Wirebiters.com
1 review
by not charlie
Mobile Application Penetration Testing (2023)

Difficulty: 1 out of 5.

I was very disappointed in the content. The course just showed how to install tools/jailbreak and tool usage in a very basic way.

At one point the instructor could not get the tools to install during setup and said something along the lines of "I can't get it to work but it should be good for you". (Or something along those lines, paraphrasing)

Though to be fair, I have not watched the Android section. It might be better? It seemed like iOS was an afterthought for this course.

Unless you are looking for a guide to set up tools/show basic usage, save your money and skip this course. You are better off with free materials.