Course Outline

Introduction

Overview of the OWASP Mobile Security Testing Guide

  • Key areas in mobile app security
  • The OWASP Mobile AppSec Verification Standard (MASVS)
  • Navigating the guide
  • Mobile app taxonomy

Understanding Mobile App Security Testing Basics

  • Mobile app security checklist
  • Testing principles
  • Setting testing objectives
  • Development lifecycle security testing

Running General Testing Techniques for Mobile Apps

  • Authentication architectures
  • Testing network and cryptography
  • Testing code quality
  • Tampering and reverse engineering
  • Mobile app user interaction

Exploring Android and iOS Platforms

  • Android platform overview
  • Data storage on Android
  • iOS platform overview
  • Data storage on iOS

Performing Security Testing for Android

  • Android basic security testing
  • Testing data storage
  • Local authentication
  • Android APIs (cryptographic, network, and platform)
  • Code quality and build settings for apps
  • Tampering and reverse engineering
  • Anti-reversing defenses

Performing Security Testing for iOS

  • iOS basic security testing
  • Testing data storage
  • iOS APIs (cryptographic, network, and platform)
  • Code quality and build settings for apps
  • Tampering and reverse engineering
  • Anti-reversing defenses

Contributing to the MSTG Community

  • Reading the MSTG
  • Contribution guide
  • Feature requests and feedback

Summary and Conclusion

Requirements

  • A general understanding of the mobile app development lifecycle
  • Experience in mobile application development, security, and testing

Audience

  • Developers
  • Engineers
  • Architects

21 Hours