Certified Mobile Security Professional

Introduction

Certified Mobile Security Professional (CMSP) is a training course designed for Mobile Application Security testing that gives penetration testers and IT Security professionals the practical skills necessary to understand technical threats and attack vectors targeting mobile devices.

The course will walk you through the process of identifying security issues on Android and iOS Applications, using a wide variety of techniques including Reverse Engineering, Static/Dynamic/Runtime and Network analysis.

The student will learn how to code simple Android applications step by step. These will be necessary to fully understand mobile application security and to build real world POC’s and exploits.

Moreover, a number of vulnerable mobile applications, included in the training course, will give the student the chance to practice and learn things by actually doing them: from decrypting and disassembling applications, to writing fully working exploits and malicious applications.

Prerequisites

  • Basic knowledge of programming fundamentals. Simple Java and Objective-C Hello world covered within the course.
  • Basic security concepts such as : cryptography, reverse engineering, SQL injections and web tools such as Wireshark and OWASP ZAP (or Burp)

Who should attend?

  • Penetration Testers

  • Mobile Application Developers

  • Security Enthusiasts

Day 1

  • 1

    Overview of Popular Mobile Platforms

    2 hours
  • 2

    Mobile OS Architectures & Security Models

    3 hours
  • 3

    Android: Setting up a test environment

    3 hours

Day 2

  • 1

    Android: Reverse Engineering & Static Analysis (with Lab)

    4 hours
  • 2

    Android: Dynamic/Runtime Analysis (with Lab)

    4 hours

Day 3

  • 1

    Android: Network Analysis (with Lab)

    4 hours
  • 2

    iOS Penetration Testing

    2 hours
  • 3

    Windows Phone Penetration Testing

    1 hours
  • 4

    Review

    1 hours

What you will learn

  • iOS, Android and Windows Phone architectures, security mechanisms and implementation
  • In-depth Android and iOS vulnerabilities
  • Reverse engineering mobile applications
  • Static and Dynamic analysis of mobile applications
  • Build your own home lab on mobile application security
  • Skills necessary to perform Penetration tests of mobile applications
  • Covers APKTool, GDB Debugger, Introspy, Drozer and many others tools