Android App Penetration Testing


English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 1h 35m | 257 MB
eLearning | Skill level: Advanced


Android applications are exposed to a variety of security risks that threaten the integrity of your apps and the safety of your end users. In this course, join instructor Prashant Pandey as he shares a structured, comprehensive approach for testing Android apps to uncover some of the most common of these vulnerabilities, demonstrating how to leverage key pen testing tools and frameworks along the way. Prashant starts with the basics, covering the essential aspects of Android pen testing. He then delves into four major tools and frameworks—MobSF, Burp Suite, Android Debug Bridge (adb), and drozer—each catering to one specific aspect of Android app security. Learn how to approach network communication security, static and dynamic application testing, platform integration testing, and more.

Topics include:

  • Web vs. Android security
  • Domains of Android security
  • Code-level security
  • Static application testing with MobSF
  • Dynamic application testing with Burp Suite
  • Platform interaction testing
Table of Contents

1 Pentesting Android apps
2 What you should know
3 Overview of Android
4 Activity and services
5 Content providers and receivers
6 Web vs. Android security
7 Domains of Android security
8 Common terminologies
9 Lab setup
10 Introduction to MobSF
11 Setting up MobSF
12 Scanning target applications
13 Manifest analysis
14 Code analysis
15 Introduction to Burp Suite
16 Burp Suite setup on workstation
17 Burp Suite setup on test device
18 Application testing: Brute force
19 Application testing: Password change
20 Introduction to Android Debug Bridge
21 Basic adb commands
22 Testing platform: Insecure logging
23 Testing platform: Insecure data storage
24 Introduction to drozer
25 drozer architecture
26 drozer setup
27 Sieve application overview
28 Basic commands
29 Activity testing
30 Content provider testing
31 Content provider testing: SQL injection
32 Mobile OWASP Top 10
33 Next steps