Workshop

Seasides 2025 Edition

Master Android Application Security: Hands-On Training to Safeguard Your Apps

In today’s mobile-first world, Android applications are integral to the digital ecosystem. However, many Android applications are prone to security vulnerabilities due to
improper configurations, insecure coding practices, and a lack of proper security measures.

This hands-on, in-depth training will provide participants with the knowledge and skills necessary to:

1. Secure Android applications against common attacks,

2. Apply reverse engineering techniques, and

3. Provide solutions for mitigating these risks.

The training will cover both foundational and advanced aspects of Android Application security,
enabling developers, security researchers, and enthusiasts to understand the full spectrum of Android application security.

With 1.59 million apps available on Google Play as of December 2024 and 26.1 thousand new
apps launched in November 2024, the importance of ensuring secure Android applications cannot be overstated. This training will empower participants to build robust and secure applications that meet the challenges of today’s rapidly evolving threat landscape.

Coming Soon!

● Knowledge of basic security
● Familiarity with application security concepts (e.g., encryption, authentication).

Operating System : Windows 10/11, macOS Monterey or later, or Linux (Ubuntu 20.04 or later recommended).

Processor : Quad-core processor (Intel i5/i7 or AMD Ryzen equivalent).

RAM : At least 8 GB (16 GB recommended for better performance during emulation and reverse engineering tasks).

Storage : Minimum: 256 GB of free storage space. Recommended: SSD for faster performance during tool installations and virtual machine usage.

Virtualization Support : Ensure the computer’s BIOS/UEFI settings support hardware virtualization (VT-x for Intel or AMD-V for AMD).

Android Device : Physical devices are not needed. We will be using emulators. Further instructions will be provided during the training.

By the end of this training, participants will be able to:

1. Understand the Android OS Security Architecture and key components
involved in securing Android apps.

2. Intercept HTTP and HTTPS traffic and bypass Network Security Config.

3. Implement certificate pinning to prevent man-in-the-middle (MITM) attacks, and understand its bypass and protection techniques.

4. Understand deep links and the vulnerabilities associated with them.

5. Understand Firebase database misconfiguration and related vulnerabilities.

6. Detect and prevent root access on Android devices, and understand popular root
detection techniques.

7. Understand Runtime Application Self-Protection (RASP).

8. Identify and mitigate insecure local data storage and sensitive data leakage in
mobile apps.
9. Conduct reverse engineering of Android apps and understand common bypass techniques.

10. Utilize Frida and Objection for runtime manipulation and dynamic analysis.

11. Identify secrets.

12. Perform static analysis using various tools.

13. Use Python for automation.

14. Understand DevSecOps and shift-left security.

15. Scan Android applications for vulnerabilities using Secrets Scanning and tools
like Mobile Security Framework (MobSF) in CI/CD.

16. Use pre-commit hooks to identify and prevent vulnerabilities on developers’
machines before pushing the code to VCM.

17. Protect mobile apps from common attacks on application components and
implement best practices in security.

● Android Developers looking to enhance their understanding of mobile app
security.

● Security professionals wanting to expand their skills in mobile application security
testing.

● Researchers and hobbyists interested in learning how to secure Android apps
and perform penetration testing.