Android Security for Pentesters aims to help students get started with Android application security and pentesting using a step-by-step, hands-on approach to finding vulnerabilities in real world Android applications. After completion of this course you will be able to perform security assessments on Android applications.
– Aditya Gupta
Instructor, Android Security for Pentesters
1. What is Android Security for Pentesters?
This course is intended for professionals who want to get started with Android Application Security and Pentesting. This is a hands-on course where you will get to reverse Android applications, find security vulnerabilities, perform debugging and API hooking, use tools like Androguard and Drozer, and a lot more.
The course takes examples from real world applications, as well as custom made vulnerable applications to give you an in-depth view of the security issues in Android applications. Once the course is completed, you should be able to take most Android applications, examine them and identify vulnerabilities. It will also serve as a really good starting point, if you want to dig deeper and research more into Android platform security.
This course is useful to security researchers, pentesters as well as Mobile application developers/testers. The training course has been previously run at a number of international security conferences all over the world, and has been very well received. This is the online version of the same class.
2. Course Syllabus
A non-exhaustive list of topics to be covered includes:
- Introduction to Android
- Android Security Architecture
- Android Permissions
- Android Application Internals
- Setting up Genymotion
- Android Application Components
- DEX File Analysis
- Introduction to Android Debug Bridge
- Logging Based Vulnerabilities
- Reversing Android Applications
- Analyzing Android Malwares
- Analyzing Android Traffic
- Bypassing SSL Pinning
- Leaking Content Providers
- Introduction to Drozer
- Read based Content Provider vulnerability
- Advanced Drozer Usage
- Drozer Scripting
- Dropbox Content Provider Vulnerability
- Backup Based Vulnerability
- Client Side Injection
- Hooking Introduction and Setting up Insecure Bank
- Android Debugging with Andbug
- Debugging with JDB
- Automated Hooking with Introspy
- Cydia Substrate and Hooking
- Xposed Framework and Hooking
- Analysis and Scripting using AndroGuard
- Webview Based vulnerabilities
- Exploiting Webview with Metasploit
3. Can I see some sample videos for the course?
The total duration of the course videos is 4+ HOURS of HD content with Full English Captions. The course is fully hands-on and you will be spending most of the time doing exercises with the instructor.
The course starts from the very basics and slowly takes you to more complicated topics, making it ideal for self-paced learning. Below are a couple of sample videos from the course:
4. What do I get as a registered student?
A registered student will get the following:
- HD Download of Course Theory Videos
- HD Download of Course Exercise Videos
- Full English Captions of the Videos
- PDF Slides of the full course
- All exercise files used in the course
- Certification Exam
- PDF copy of certificate if you pass the exam
Please note that there is no student forum associated with this low-priced course.
5. How many hours is the content and will it come with captions/subtitles?
4+ hours of video content. Yes, it will have subtitles.
6. Is this Course for Novices or only for Experts?
This course is for both novices and experts.
7. Student Testimonials
Aditya Gupta, the author, has already conducted this course at conferences and private in-person trainings around the world! Here is what his students have to say about the course:
“I have known Aditya now for around 3 years. I recently got a chance to attend his live “Android Exploitation training” at one of the popular security conferences. I was looking for a course to get started with Android Security and Exploitation for one of my upcoming projects. The training did a really nice job in getting everyone started, as well as giving hands-on experience with real world applications, which I think sets this training as one of the best I have attended. After the 2-days of intense Android Exploitation, and identifying vulnerabilities in different kinds of Android apps, I felt confident enough to start pushing my security mobile project to the next level.”
– Marius Corîci,
“I and my team had an insightful training on pentesting of android apps conducted by Aditya. The training covered various aspects of vulnerabilities in Android apps that developers can often miss to handle. Really good amount of practical and hands-on sessions focusing on reverse engineering and using various tools to exploit the vulnerabilities that existed on popular android apps. Altogether a great training put together, with the content giving a really nice idea on improving android app security.”
“I have been working with/around Android and iOS application security for a while. Regardless, I thought I would attend Aditya’s training course. The course has helped me fill some of my knowledge gaps around Android and taught me a few new tricks! Thanks, Adi. I would definitely recommend this course to anyone wishing to learn more about the technical aspect of Android and iOS security.”
Application Security Consultant – Melbourne,
8. Why Choose SecurityTube Certifications?
Our certifications are taken by students from 90+ countries and are globally recognized. The flags in the image to the left show the countries our students come from. In addition, SecurityTube Certifications provide:
- High Quality Content at an Affordable Cost
- The most Comprehensive Course Coverage in the Industry
- Uses Open Content for Course Evaluation
- Concept Oriented, Practical Content rather than only Theory
9. Course Instructor
Aditya Gupta is the founder and trainer of Attify, a mobile security firm, and a leading mobile security expert and evangelist. Apart from being the lead developer and co-creator of Android framework for exploitation, he has done a lot of in-depth research on the security of mobile and hardware devices, including Android, iOS, and Blackberry, as well as BYOD Enterprise Security.
He is also the author of the popular Android security book “Learning Pentesting for Android”, which has sold 10000+ copies since its launch in March 2014. He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe, Skype, and many more. He has also published a research paper on ARM Exploitation titled “A Short Guide on ARM Exploitation.” In his previous work at Rediff.com, his main responsibilities were to look after web application security and lead security automation. He also developed several internal security tools for the organization to handle security issues.
He has also previously spoken and trained at numerous international security conferences including Black Hat, Syscan, OWASP AppSec, Toorcon, Clubhack, Nullcon, etc., along with many other corporate trainings on Mobile Security.
10. Course Enrollment and Payment
Buy now with Paypal!
If you cannot use Paypal, please drop us an email at feedback @ binarysecuritysolutions.com for alternate options for payment.
11. Contact Us
We have compiled a FAQ below:
1. What is the course duration? When does it start / stop?
The Android Security for Pentesters course is completely self-paced. There is no duration of the course or expiry period. You can download all the course material from the student portal and watch at your own convenience.
2. What is your Refund Policy?
Once a course is purchased, no refund is possible. Our goods are digital (course videos, PDF copy of course slides) and once a student has downloaded them, he has full access to our copyrighted material. We would recommend you have a look at the FREE videos we have given out to assess the quality of our course material and instructors before making a decision.
Please use the form below if you have any additional questions not answered by this page and we will get back to you ASAP: