Mobile Application market is growing like anything and so is the Mobile Security industry. With lots of frequent application releases and updates happening, conducting the complete security analysis of mobile applications becomes time consuming and cumbersome mainly because of the overheads in setting up and maintaining a mobile application testing environment. This course will introduce Mobile Security Framework (MobSF) , an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis of mobile applications. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. This course covers the major features of MobSF and provides detailed walkthroughs with hands on exercises.
What are the requirements?
- Basic understanding of Mobile Security Fundamentals
- 10 GB of Storage and 8 GB or more RAM
- Full Hardware Virtualization support
- Unrestricted Internet access
- Full Administrative access and USB ports enabled.
What are the take aways?
- Learn how to use MobSF for automated Security Assessment of mobile applications.
- Perform instrumented security testing on Android apps at runtime.
- Use MobSF can for vetting 3rd party apps and dissect Mobile malware.
- Learn how to integrate MobSF in your CI/CD pipeline.
- Capture the Flag competition to challenge yourself.
Course Details
Duration: 1 days
Language: English
Location: As requested and onsite
Trainer: Ajin Abraham
No of Students: 10 – 20
Cost in India: 120000 INR
Cost Abroad/Onsite: 4999 USD
Course Syllabus
Introduction and Setup
- What is Mobile Security Framework
- Setting up MobSF for Static and Dynamic Analysis
- Troubleshooting
Static Analyzer
- Static Analysis of Android App and Source Code
- Report Walkthrough
- Comparing Android App scan results
- Exercise: Static Analysis APK & ZIP
- Static Analysis of iOS App and Objective C Source Code
- Report Walkthrough
- Exercise: Static Analysis IPA & ZIP
- Capture the Flag competition – Static Analysis Challenge
Dynamic Analyzer
- Dynamic Analysis of android applications
- Walkthrough of Dynamic Analyzer
- Exercise: Dynamic Analysis of APK
- Frida 101: Introduction to instrumented security testing
- Writing Frida scripts
- Exercise: Instrumented Security tests with Frida scripts
- Capture the Flag competition – Runtime Patching Challenge
Web API, DevSecOps and Additional Features
- Repeating web traffic with HTTPtools
- MobSF REST API for CI/CD
- VirusTotal integration
- APKiD integration