Android Application Penetration Testing
Raja Nagori

$ Whoami
• Raja Nagori
• Cyber Crime Intervention Officer by ISAC (NSD)
• Synack Red Team Member
• OWASP Open Source Contributor
• Bachelor’s Degree in Computer Science Engineering
• LinkedIn: https://www.linkedin.com/in/raja-nagori/

Course Content
• Mobile application penetration testing resources
• Testing Process
• Web Application Penetration Testing Process
• Android Penetration Testing Process
• Android Penetration Testing walkthrough with setup

Android Penetration Testing – Lab Setup
• Android Security Architecture
• Basics of Android Security
• Lab Environment setup
• Kali Linux
• JADX-GUI
• Apktool
• MobSF

Android Penetration Testing – Static Analysis of apk
• Any vulnerable open-source apk
• Static Analysis
• Android Manifest
• Activities
• Content Providers
• Firebase
• Storage Buckets
• Automated analysis using MobSF framework
• Stored Secrets / API Keys

Android Penetration Testing – Dynamic Analysis of apk
• Introduction to SSL Pinning
• Bypassing SSL Pinning with Burp Suite
• Introduction to Frida/Objection
• Working with Frida
• Working with Objection
• Reverse engineering of apk
• Dumping Memory and Sensitive Data
• Runtime local storage analysis

See you in the next chapter of this series.