Course Outline

Introduction

Overview of the OWASP Mobile Security Testing Guide

  • Key areas in mobile app security
  • The OWASP Mobile AppSec Verification Standard (MASVS)
  • Navigating the guide
  • Mobile app taxonomy

Understanding Mobile App Security Testing Basics

  • Mobile app security checklist
  • Testing principles
  • Setting testing objectives
  • Development lifecycle security testing

Running General Testing Techniques for Mobile Apps

  • Authentication architectures
  • Testing network and cryptography
  • Testing code quality
  • Tampering and reverse engineering
  • Mobile app user interaction

Exploring Android and iOS Platforms

  • Android platform overview
  • Data storage on Android
  • iOS platform overview
  • Data storage on iOS

Performing Security Testing for Android

  • Android basic security testing
  • Testing data storage
  • Local authentication
  • Android APIs (cryptographic, network, and platform)
  • Code quality and build settings for apps
  • Tampering and reverse engineering
  • Anti-reversing defenses

Performing Security Testing for iOS

  • iOS basic security testing
  • Testing data storage
  • iOS APIs (cryptographic, network, and platform)
  • Code quality and build settings for apps
  • Tampering and reverse engineering
  • Anti-reversing defenses

Contributing to the MSTG Community

  • Reading the MSTG
  • Contribution guide
  • Feature requests and feedback

Summary and Conclusion

Requirements

  • A general understanding of mobile app development lifecycle
  • Experience in mobile application development, security, and testing

Audience

  • Developers
  • Engineers
  • Architects
  21 Hours
 

Need help picking the right course?
Call us +971 4871 6715

Testimonials

Zobaczenie na żywo faktycznej realizacji działań z użyciem przykładowych narzędzi do badania/łamania zabezpieczeń aplikacji.

Paweł - Aleksandra Pietrzak, Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy

Najbardziej podobały mi się ćwiczenia/demonstracje praktyczne. Pozwalały głębiej zrozumieć naturę omawianego problemu i jak można do niego podejść.

Aleksandra Pietrzak, Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy

I liked the most this that trainer was very well prepared, very kind to everyone and presented the topic in a very interesting way. I liked a lot this that trainer looked at the application we are working on in order to check its security.

Aleksandra Pietrzak, Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy

Complex approach to the topic in connection to the practical examples, all this together with the trainer's energy and his huge experience.

Ihor - Aleksandra Pietrzak, Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy

I found the entire OWASP course to be informative and well structured. If I had to pick one aspect that stood out the most, I'd say it was the coverage of web security vulnerabilities and the practical examples shown. The course helped me understand how to apply owasp concepts in various scenarios using different tools

Piotr - Aleksandra Pietrzak, Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy

* great live-demos * good pacing * good intro to security testing

Robert McClure - Katalin Kovács, EUROPOL

Trainer was very good and knowledgeable

Katalin Kovács, EUROPOL

the content and the knowledge of the trainer

Bogdan Birou - Katalin Kovács, EUROPOL

Great and relevant examples, good speed, good excercises. Highly recommended!

Istvan Visegradi - Katalin Kovács, EUROPOL

commented examples walkthrough

Katalin Kovács, EUROPOL

Very skilled and likable trainer. Interesting topics and real life examples.

Jon Lunde - Jørn Raastad, Buypass AS

I saw some security risk being easier to use than I expected It helped us to find some security holes in our Product

- Corvil

The OWASP overview, especially slides with the specific examples of attacks. OWASP Zap tool.

- Corvil

Instructors knowledge was excellent and he was able to answer all queries about how the information taught related back to our own systems.

Paula Davies, TATA Steel

Fulvio was very knowledgeable and introduced a lot of new information in a thorough way.

Paula Davies, TATA Steel

The high level of instructor knowledge meant that we got a very good insight into the topics covered.

Dafydd - Paula Davies, TATA Steel

the reference links

Abraham Gonzalez - Andrea Sarai Villafuerte Ortiz , ATEB Servicios

The trainer's subject knowledge was excellent, and the way the sessions were set out so that the audience could follow along with the demonstrations really helped to cement that knowledge, compared to just sitting and listening.

Jack Allan - Ben Tyler, RSM UK Management Ltd.

I personally found the 2nd day the most interesting; and liked Fulvio walking through / showing some exploits to the team on the 1st couple of days... I also loved that Fulvio tailored the course to some of my questions and the initial set of questionnaires you sent out (e.g., include some secure development bits).

Ben Tyler, RSM UK Management Ltd.

The depth of knowledge Fulvio had

Ben Tyler, RSM UK Management Ltd.

he's very impressive because he know everything about the topic

Marco Julio Huelva, The Wizards@Worx Holdings Inc.

Trainer was excellent, obviously well versed in the subject matter. Real world examples given.

Alan King - Jackie Ryan, Waterford Chamber Skillnet

The subject matter is very interesting and the trainer had a vast range of knowledge on everything that was included in the course.

Damien McDonnell - Jackie Ryan, Waterford Chamber Skillnet

The usage of DaDesktop with the virtual environment was very nice to use for the exercises.

Jackie Ryan, Waterford Chamber Skillnet

Deep technical knowledge

Jackie Ryan, Waterford Chamber Skillnet

Learning more about Burp Suite, I had used this app in a very basic way and I really enjoyed and benefited from taking a deeper dive

James Richardson - Jackie Ryan, Waterford Chamber Skillnet

The discussion is very clear.

ONEASTON, INC.

Learning new things about security and the exercises

ONEASTON, INC.

Additional knowledge Agenda is followed and all topics are tackled

ONEASTON, INC.

Piotr knowledge and execution of the training day relative to the time frame we had

genU

Exposure to the most important potential security issues in web applications.

Tim McClelland - genU

On point

Genting Malaysia Berhad

Related Courses

Web Security with the OWASP Testing Framework

  28 hours
The Open Web Application Security Project (OWASP) is an online community that creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. OWASP offers web security testing
Read More...

Secure Developer Java (Inc OWASP)

  21 hours
This course covers the secure coding concepts and principals with Java through Open Web Application Security Project (OWASP) methodology of testing. The Open Web Application Security Project is an online community which creates
Read More...

Secure Developer .NET (Inc OWASP)

  21 hours
This course covers the secure coding concepts and principals with ASP.net through the Open Web Application Security Project (OWASP) methodology of testing , OWASP is an online community which creates freely-available articles, methodologies,
Read More...

OWASP Top 10

  14 hours
The OWASP Top 10 is a community-led, open-source document developed by the Open Web Application Security Project (OWASP) Foundation that identifies the most common web application threats and vulnerabilities. OWASP Top 10 provides a comprehensive
Read More...

OWASP Web Security Testing Guide

  21 hours
The Web Security Testing Guide (WSTG) is a community-led, open-source testing resource that provides a comprehensive framework in performing security testing for web applications and services. The Open Web Application Security Project (OWASP)
Read More...

Python Programming - 4 days

  28 hours
This course is designed for those wishing to learn the Python programming language. The emphasis is on the Python language, the core libraries, as well as on the selection of the best and most useful libraries developed by the Python community.
Read More...

Website Development in PHP

  21 hours
The course familiarizes participants with the PHP language and its integration with the Web environment. The participant will learn how to make a dynamic page, write database applications and to protect applications from unauthorized
Read More...

Design Patterns in PHP

  14 hours
The course will cover the design patterns with particular emphasis on patterns used in PHP.
Read More...

Web Application Development in PHP

  21 hours
The course is designed for intermediate PHP developers who want to enrich their knowledge and learn best practices in programming and web development techniques based on object-oriented programming and design
Read More...

JavaScript - Advanced Programming

  14 hours
The training is designed for JavaScript developers, designing and implementing advanced Internet applications. Topics discussed during the training aimed at bringing best practices in JavaScript programming and highlight the most common mistakes. An
Read More...

Administration with Powershell

  35 hours
This intensive training provides the fundamental knowledge and skills to use Windows PowerShell for automating administration of Windows based computers. The skills taught in this course are applicable to all Microsoft products that use Windows
Read More...

Web Development with Symfony3

  28 hours
Symfony is a set of PHP Components, a Web Application framework, a Philosophy and a Community.
Read More...

Web application development with Flask

  14 hours
This practical course is addressed to Python developers that want to create and maintain their first web applications. It is also addressed to people who are already familiar with other web frameworks such as Django or Web2py, and want to learn
Read More...

Progressive Web Apps (PWA)

  14 hours
A Progressive Web App (PWA) is a web application that performs like a native mobile app. A Progressive Web App can be deployed as a regular website as well as a Native app on an app store. In this instructor-led, live training (onsite or remote),
Read More...

React: Build Highly Interactive Web Applications

  21 hours
React is an open source Javascript library that can be used to create interactive web and mobile applications. It is often compared to MVC frameworks such as Angular, Ember and Backbone, however, React is distinct in its focus on the UI of the
Read More...