Contact US : +919999508202 [email protected]

android for pentesters

Android for pentesters aims to provide a holistic Android application security guideline with a control checklist. It lists the best practices for protecting applications from malware and other attacks. This training covers the entire Android application security model for both developers and users.

Enterprises develop Android applications at breakneck speed to meet business needs, yet they often fail to make Android security part of their application development process.

With the Android for pentesters training, candidates will be able to evaluate the security vulnerabilities of built-in and third-party mobile applications. You'll learn how to bypass platform cryptography and encryption controls and manipulate apps to circumvent client-side security techniques. You'll use automated and manual mobile application dynamic analysis tools to identify deficiencies in a mobile app's network traffic, file system data storage, and inter-application communication channels. Understanding and identifying vulnerabilities and threats to Android devices is a valuable skill, but it must be paired with the ability to communicate the resulting risks.

Throughout the Android for pentesters training course, you'll review ways to communicate issues effectively to key stakeholders. You'll use pentesting tools, including a Mobile App Report Card, to characterize threats for senior management and decision-makers, while also identifying sample code and libraries that developers can use to address risks in in-house applications.

Mobile device deployments introduce new threats to enterprises, including advanced malware, data leakage, and the disclosure to attackers of organizational secrets, intellectual property, and personally identifiable information. Further complicating matters, there are not enough people with the security skills needed to identify and manage secure mobile phone and tablet deployments. By completing this certified Android for pentesters training course, you'll be able to differentiate yourself as someone who is prepared to evaluate the security of Android devices, effectively assess and identify flaws in Android applications, and conduct an Android device penetration test, all critical skills for protecting and defending mobile device deployments.

Android for pentesters - APS-101

detailed syllabus

Android security foundations

  • Mobile device overview
  • Android architecture and security models
  • Mobile security frameworks and methodologies
  • Android application threat modeling
  • Android application security checklist for pentesters
  • BYOD guidelines in organisations
  • Setting up the lab OS and environments for Android security testing
  • Setting up a device for pentesting
  • SSL pinning bypass (unpinning)
  • Debugger detection and prevention
  • Root detection and defenses
  • Investigating malfunctioning applications
  • Android secure coding guidelines
  • Android application security report writing guidelines
  • Scanning Android applications
  • Setting up Burp Suite and Fiddler proxies for Android exploitation
  • Automating the code quality check process
  • Frida for Android pentesters
  • Objection for Android pentesters

dynamic analysis part -1

  • Reverse engineering of Android APKs
  • Analyzing permissions from AndroidManifest.xml
  • Insecure hardcoding – API key leakage
  • Insecure hardcoding – authentication tokens
  • Insecure hardcoding – internal IP disclosure
  • Insecure hardcoding – Git repository disclosure
  • Insecure hardcoding – embedded third-party secrets
  • Insecure hardcoding – sensitive information disclosure
  • Cleartext data in logs
  • Race conditions in vulnerable code
  • Insecure Java functions in application code
  • Detecting weak encryption implementations
  • Weak hashing algorithms
  • Predictable random number generators (PRNG)
  • Weak encryption implementation (AES-ECB)
  • Weak initialization vectors (IV) with AES-CBC
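As an added example (not part of the course material or of Certcube Labs' tooling), the Python script below shows the kind of pattern-based check behind the hardcoded-secret and weak-crypto items above, run over a constructed, jadx-style decompiled Java class. The class, its keys, addresses and rule names are all invented for this illustration; a real review would run such rules over the whole decompiled tree and then confirm each hit by reading the surrounding code.

```python
import re
from typing import List, Tuple

# Constructed sample of decompiled Java, as jadx would produce from an APK.
# Every class, key and value here is invented for this example.
SAMPLE_SOURCE = """\
package com.example.app;
public class Config {
    static final String API_KEY = "AIzaSyD-EXAMPLE-0000000000000000000";
    static final String AUTH_TOKEN = "Bearer eyJhbGciOiJIUzI1NiJ9.example.sig";
    static final String BACKEND = "http://10.0.12.7:8080/api";
    static final String REPO = "git@github.com:example/internal-app.git";
    String hash(String pw) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return Base64.encodeToString(md.digest(pw.getBytes()), 0);
    }
    byte[] enc(byte[] key, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        return c.doFinal(data);
    }
    byte[] encCbc(byte[] key, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(new byte[16]));
        return c.doFinal(data);
    }
    int otp() { return new Random().nextInt(1000000); }
    void login(String user, String pw) { Log.d("Auth", "login " + user + " pw=" + pw); }
}
"""

# One (rule name, regex) per syllabus item.  Java's Cipher.getInstance("AES")
# with no mode string defaults to AES/ECB/PKCS5Padding, so a bare "AES" is
# treated the same as an explicit "AES/ECB".  A zero-filled or string-literal
# IvParameterSpec is a static IV, which defeats the point of CBC.
RULES = [
    ("hardcoded-api-key", r'(?i)(api[_-]?key|client[_-]?secret|secret)\s*=\s*"[^"]{8,}"'),
    ("hardcoded-token",   r'(?i)token\s*=\s*"[^"]+"'),
    ("internal-ip",       r'\b(10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}'
                          r'|172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b'),
    ("git-repo",          r'(?i)(git@[\w.-]+:[\w./-]+\.git|https?://[\w./-]+\.git\b)'),
    ("weak-hash",         r'MessageDigest\.getInstance\(\s*"(MD2|MD5|SHA-?1)"'),
    ("aes-ecb",           r'Cipher\.getInstance\(\s*"(AES|AES/ECB[^"]*)"'),
    ("static-iv",         r'new\s+IvParameterSpec\(\s*(new\s+byte\[|"[^"]*"\.getBytes)'),
    ("weak-prng",         r'\bnew\s+Random\s*\(|Math\.random\s*\('),
    ("sensitive-log",     r'(?i)Log\.[dviwe]\(.*(password|pw=|token|secret)'),
]
COMPILED = [(name, re.compile(pattern)) for name, pattern in RULES]


def scan(source: str) -> List[Tuple[int, str, str]]:
    """Return (line number, rule name, offending line) for every rule hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, regex in COMPILED:
            if regex.search(line):
                findings.append((lineno, name, line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, name, text in scan(SAMPLE_SOURCE):
        print(f"{lineno:3d}  {name:18s}  {text}")
```

The regexes are deliberately narrow: they are meant to point a reviewer at lines to read, not to be a complete secret scanner, and anything matched (for example a key that turns out to be a public client identifier) still needs to be confirmed by hand and with the backend it talks to.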

dynamic analysis part -2

  • Identifying weak encoding in the code
  • Untrusted CA acceptance
  • Usage of banned API functions
  • Self-signed certificates accepted in WebView
  • Cleartext SQLite databases
  • Temporary file creation analysis
  • Insecure logging mechanisms
  • Android clipboard (pasteboard) vulnerabilities
  • Android keyboard cache issues
  • Android backup vulnerability
  • Insecure SD card storage
  • Insecure HTTP connections
  • Parameter manipulation
  • Developer backdoors
  • Weak change-password implementation
  • SQL injection in Android applications
  • Local file inclusion
  • Cross-site scripting attacks
  • Client-side script injection in Android apps
  • Remote code execution in Android apps
  • Application-level denial-of-service attacks
  • Flawed broadcast receivers
  • Intent sniffing and injection
  • Weak authorization mechanisms
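Added example, not part of the course material or of Certcube Labs' tooling: a manifest check covering the items above that can be read directly off AndroidManifest.xml (the backup flag, debuggable builds, cleartext traffic, and exported receivers and activities that are open to intent injection) together with the permission review listed under part 1. The manifest, package, permission and component names are constructed for this illustration. The exported-component logic is a simplification (it treats a provider with no android:exported as private, which holds for targetSdkVersion 17 and above) and does not replace reading the component's code.

```python
import xml.etree.ElementTree as ET
from typing import List, Tuple

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android(attr: str) -> str:
    """Qualify an attribute with the android: namespace for ElementTree."""
    return "{%s}%s" % (ANDROID_NS, attr)


# Constructed AndroidManifest.xml for a fictional app; all names are invented.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:allowBackup="true" android:debuggable="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="exampleapp"/>
      </intent-filter>
    </activity>
    <receiver android:name=".PasswordResetReceiver" android:exported="true">
      <intent-filter><action android:name="com.example.app.RESET"/></intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.app.SYNC"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.app.notes" android:exported="false"/>
  </application>
</manifest>
"""

# A few runtime ("dangerous") permissions worth calling out in a report.
DANGEROUS_PERMISSIONS = {
    "READ_CONTACTS", "WRITE_CONTACTS", "CAMERA", "RECORD_AUDIO", "READ_SMS", "SEND_SMS",
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "READ_EXTERNAL_STORAGE",
    "WRITE_EXTERNAL_STORAGE", "READ_CALL_LOG",
}
COMPONENT_TAGS = {"activity", "activity-alias", "service", "receiver", "provider"}
LAUNCHER = "android.intent.category.LAUNCHER"


def analyze(manifest_xml: str) -> List[Tuple[str, str]]:
    """Return (finding, subject) pairs for issues visible in the manifest alone."""
    root = ET.fromstring(manifest_xml)
    findings: List[Tuple[str, str]] = []

    for perm in root.iter("uses-permission"):
        name = perm.get(android("name"), "")
        if name.rsplit(".", 1)[-1] in DANGEROUS_PERMISSIONS:
            findings.append(("dangerous-permission", name))

    app = root.find("application")
    if app is None:
        return findings
    # allowBackup defaults to true when absent, so "adb backup" can pull the
    # app's private data unless the developer opted out explicitly.
    if app.get(android("allowBackup"), "true") == "true":
        findings.append(("backup-enabled", "application"))
    if app.get(android("debuggable")) == "true":
        findings.append(("debuggable", "application"))
    if app.get(android("usesCleartextTraffic")) == "true":
        findings.append(("cleartext-traffic", "application"))

    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        name = comp.get(android("name"), "?")
        filters = comp.findall("intent-filter")
        exported_attr = comp.get(android("exported"))
        if exported_attr is None:
            # No explicit android:exported: a component with an intent-filter is
            # exported by default (Android 12+ refuses to install the app unless
            # the attribute is set explicitly).  Simplification: a provider
            # without the attribute is treated as private (targetSdk >= 17).
            is_exported, implicit = bool(filters), True
        else:
            is_exported, implicit = exported_attr == "true", False
        if not is_exported:
            continue
        # The launcher activity has to be exported, so it is not a finding.
        if any(cat.get(android("name")) == LAUNCHER
               for f in filters for cat in f.findall("category")):
            continue
        if implicit:
            findings.append(("implicit-export", name))
        # Exported and reachable by any app on the device: any third-party app
        # can send it an Intent, so its handler has to treat extras as untrusted.
        if comp.get(android("permission")) is None:
            findings.append(("exported-unprotected", name))
    return findings


if __name__ == "__main__":
    for finding, subject in analyze(SAMPLE_MANIFEST):
        print(f"{finding:22s} {subject}")
```

On the constructed manifest this reports the READ_CONTACTS permission, the three application-level flags, the implicitly exported deep-link activity and the exported password-reset receiver, while the permission-protected service and the private provider produce nothing; each exported hit is the starting point for the intent injection testing listed above.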

who should attend this training?
  • Freshers
  • Ethical hackers
  • System Administrators
  • Network Administrators
  • Engineers
  • Web admins
  • Auditors
  • Security Professionals
why should I take this training?

Technology is growing every day, and with our dependence on it, cyber fraud and attacks have increased too. For anyone who wants to defend themselves and their business, this training is a well-suited entry point into the domain.

prerequisite of the training?

Participants should be familiar with basic computer operations.

what is the total duration of the training?

It is an instructor-led online training, and the total duration of the training is 20 hours.


What People Are Saying

Today I've completed my one-to-one online training by Mr Naresh sir from Certcube Labs.
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowledgeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.

Satyam Singh

BCA, Delhi University

Positive: Professionalism, Quality, Responsiveness, Value

5 star training. Naresh is the best. He made me Zero to Hero in 3 months' time. A little bit expensive compared to others, but totally worth it.

Ravi S

Cyber Security Consultant , Red Hawk

We're Here To Help!


3500 , 1st Floor , Raja Park , New Delhi -110034


M-S: 10am - 11pm