Description
The mobile application market is growing rapidly, and so is the mobile security industry. With frequent application releases and updates, conducting a complete security analysis of mobile applications becomes time-consuming and cumbersome, mainly because of the overhead of setting up and maintaining a mobile application testing environment. This course introduces Mobile Security Framework (MobSF), an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis of mobile applications. MobSF supports mobile app binaries (APK, IPA & APPX) along with zipped source code, and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you perform runtime security assessment and interactive instrumented testing. This course covers the major features of MobSF and provides detailed walkthroughs with hands-on exercises.
Features of this course
- Getting Familiar with an Open Source framework for Automated Mobile Security Assessment.
- Learn about One Click Report Generation and Security Assessment.
- Learn how to deploy MobSF in your own environment so that you have complete control of the data.
- Perform Automated Security Assessment for both Android and iOS Applications.
- Learn how to perform instrumented security tests with the semi-automated Dynamic Analyzer.
- Integrate MobSF in your CI/CD pipeline.
What are the requirements?
- Basic Usage of Linux/Windows/Mac
- Comfortable with a terminal-like interface
- Basic Understanding of Mobile Application Security (OWASP Mobile Top 10 or OWASP Mobile Security Testing Guide – MSTG)
- Basic Understanding of Frida is recommended but not required
What am I going to get from this course?
- Over 25 lectures and 1 hour 30 minutes of content!
- Learn how to perform automated Security Assessment of mobile applications.
- Learn how to perform instrumented security tests on Android applications at runtime.
- Understand how MobSF can be used for vetting 3rd party apps and dissect Mobile malware.
- Bypass business logic of real world applications using MobSF Dynamic Analyzer.
What is the target audience?
- Application Security Professionals interested in Mobile Application Security
- If you are trying to automate the cumbersome process of Mobile Application Security Assessment, don’t hesitate: this course is for you.
- DevSecOps professionals who want to implement a mobile security tool in their CI/CD pipeline.
- Developers who want to catch insecure coding practices and security issues while they are developing the apps.
- If you want to learn the basics of Mobile Application Security, this course is probably not for you.
OpSecX Course Certificate
Upon successful completion of the course, you will be given a Certificate of Appreciation and the certificate can be verified from OpSecX online.
Curriculum
Section 1: Introduction to Mobile Security Framework – MobSF
1. Introduction to the Course
2. Introduction to Mobile Security Framework
3. Setting up Mobile Security Framework
Section 2: Performing Static Analysis with MobSF
4. Overview: MobSF Static Analyzer
5. Static Analysis of Android Binary and Report Walkthrough Part 1
6. Static Analysis of Android Binary and Report Walkthrough Part 2
7. Static Analysis of Android Source Code
8. Static Analysis of iOS Binary
9. Static Analysis of iOS Source Code
10. Static Analysis of Windows Binary
11. Additional Feature: Diffing Results
12. Additional Feature: VirusTotal Integration
Section 3: Performing Dynamic Analysis with MobSF
13. Overview: MobSF Dynamic Analyzer
14. Setting up Android Dynamic Analyzer
15. Dynamic Analysis of Android Binaries
16. Live API Monitor
17. Shell Access and Frida Code Editor
18. Auxiliary Frida Scripts
19. Android Dynamic Analysis Report Walkthrough
20. Exercise 1: Runtime Instrumentation with Frida Scripts
21. Exercise 2: Bypassing business logic of a real world app – Identifying the method to hook
22. Exercise 2: Bypassing business logic of a real world app – Writing Frida Script
Section 4: Repeating Traffic and CI/CD Integration
23. Capture and Repeat HTTPS Web Traffic
24. Integrating MobSF in CI/CD pipeline
Section 5: Conclusion
25. Course Conclusion
26. Course Slides and Materials
davin –
How to buy this course?
trueorfalse (verified owner) –
This is a great introduction and walkthrough of the features of MobSF. If you are new to app security, this will show you what’s possible and even a little more with Frida.
Again, this is a set of videos that demo each feature of this tool.