MAS – Mobile Application Security

Overview:

Mobile Application Security focuses on approaches to the assessment and vulnerability testing of mobile apps. The 8-hour intensive program covers everything from the basics of mobile architecture to application creation and testing. It focuses on the two most popular mobile platforms: Symbian and Android.

Objectives:

The objective of Mobile Application Security (MAS) is to:

  • Provide an overview of Mobile Architecture
  • Cover Mobile App creation basics
  • In-depth Symbian Hacking
  • In-depth Android Hacking
  • App testing process

Duration: 1 Day (8 hrs)

Module One: Introduction

  • Basics of ARM processor.
  • What is RISC?
  • What is a Firmware?
  • What are the different ways to start developing for a Mobile Device?
  • The Basic Principles of developing Secure Code.
  • Common Mobile Device Platforms/OSes
  • What does ‘hacking a Mobile Device’ mean?
  • Absolute basics of ARM Assembly.

Module Two: Java Applications

  • What is J2ME?
  • Concept of Portable Code.
  • Understanding the basics of Wireless Toolkit.
  • Basics of the Java Security Model.
  • Labs: Creating a very simple J2ME-based Application & testing it.

Module Three: J2ME: In-depth

  • What is Java Bytecode?
  • Concept of Decompilation.
  • Decompiling a simple J2ME Application.
  • Understanding the logic of the application.
  • Patching a J2ME Application.
  • Labs: Decompiling, Reversing, Patching & Testing a J2ME-based Application

Module Four: Symbian Architecture

  • Understanding the Basics of the Symbian Architecture.
  • Understanding the Symbian Capability Model.
  • The basics of the ‘SIS’ format.
  • The concept of Symbian Signed.
  • Understanding the difference between Symbian C++, Open C/C++, WRT, PyS60 and so on.
  • Labs: Developing a simple native Symbian Application (.sis) using Symbian SDK

Module Five: Symbian App Development: In Depth

  • Concept of Debugging
  • Concept of Disassembly
  • Understanding the Basics of Disassembling a SIS application.
  • On-Device Debugging Using Carbide C++ – IDE
  • Reverse Engineering a SIS application.
  • Labs: Reverse Engineering a SIS Application using IDA Pro.

Module Six: Android Architecture

  • Application Architecture
  • Components – activating and shutting down
  • Manifest files and intent filters
  • Activities and tasks
  • Processes and threads
  • Component lifecycle

Module Seven: Android Development and testing: Overview

  • Application resources
  • Data storage
  • Graphics
  • Testing using Android JUnit
  • Activity testing
  • Content provider testing
  • Service testing

Certification

MAS Certification requires clearing the Orchidseven Lab exam.