Course Outline
Introduction
Overview of the OWASP Mobile Security Testing Guide
- Key areas in mobile app security
- The OWASP Mobile AppSec Verification Standard (MASVS)
- Navigating the guide
- Mobile app taxonomy
Understanding Mobile App Security Testing Basics
- Mobile app security checklist
- Testing principles
- Setting testing objectives
- Development lifecycle security testing
Running General Testing Techniques for Mobile Apps
- Authentication architectures
- Testing network and cryptography
- Testing code quality
- Tampering and reverse engineering
- Mobile app user interaction
Exploring Android and iOS Platforms
- Android platform overview
- Data storage on Android
- iOS platform overview
- Data storage on iOS
Performing Security Testing for Android
- Android basic security testing
- Testing data storage
- Local authentication
- Android APIs (cryptographic, network, and platform)
- Code quality and build settings for apps
- Tampering and reverse engineering
- Anti-reversing defenses
Performing Security Testing for iOS
- iOS basic security testing
- Testing data storage
- iOS APIs (cryptographic, network, and platform)
- Code quality and build settings for apps
- Tampering and reverse engineering
- Anti-reversing defenses
Contributing to the MSTG Community
- Reading the MSTG
- Contribution guide
- Feature requests and feedback
Summary and Conclusion
Requirements
- A general understanding of mobile app development lifecycle
- Experience in mobile application development, security, and testing
Audience
- Developers
- Engineers
- Architects
Testimonials (6)
See live real-time implementation of activities using sample application investigation/cracking tools.
Paweł - Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy
Course - Web Security with the OWASP Testing Framework
Machine Translated
You can really tell that Piotr is an expert on pen testing, he really showed skills and knowledge.
Ruben - Waterford Chamber Skillnet
Course - OWASP Top 10
having a one to one session with Raymond was amazing he was really great and attentive to all my training needs.
Joshua
Course - Secure Developer .NET (Inc OWASP)
Very friendly, we could talk as we wanted, everything went well.
Axel - Université Libre de Bruxelles
Course - Advanced TypeScript
Machine Translated
Well planned. Without much foundation, I didn't get lost and I knew where I was. Issues from general to specific provide the basis for further work in your own field.
Andrzej - TENSOFT Sp. z o.o.
Course - Design Patterns in PHP
Machine Translated
Comprehensive look an all topics. A lot of teaching by example and a great repository of knowledge Mike left built with us.