-
Accessing Application Databases
After watching this video, you will be able to retrieve and access an Android application database.
-
Analyzing Android Device Mount Points
After watching this video, you will be able to analyze Android File System mount points on a typical Android device, specifically root, /system, /cache, /data, /mnt/sdcard, and /mnt/secure/asec.
-
Analyzing Application Traffic and Data
After watching this video, you will be able to perform a penetration test using any pen test tool of choice to intercept and analyze non-browser application traffic.
-
Analyzing Network Traffic Using Wireshark
After watching this video, you will be able to analyze network traffic on an Android device using Wireshark.
-
Creating a Signing Key and Certificate
After watching this video, you will be able to create an Android application signing key and certificate in Android Studio.
-
Creating an Android Device Image
After watching this video, you will be able to create a system image for an Android device.
-
Declaring Application Permissions
After watching this video, you will be able to add a permission declaration for an Android application in its Manifest permissions file.
-
Declaring Custom Permissions
After watching this video, you will be able to declare a custom permission in a Manifest permissions file.
-
Enabling the ProGuard Tool in Android SDK
After watching this video, you will be able to enable the ProGuard code obfuscation tool in Android SDK.
-
Enforcing Application Permissions
After watching this video, you will be able to locate and modify the Manifest permissions file on Android emulator to secure an Android application.
-
Enforcing Permissions
After watching this video, you will be able to describe how permissions are enforced at the kernel level, native daemon level, and the framework level in Android OS.
-
Examining Android Device Directory Structure
After watching this video, you will be able to examine Android device directory structure.
-
Examining Android File Systems
After watching this video, you will be able to examine Android file systems, specifically YAFFS, YAFFS2, ext2, ext3, ext4, and vfat.
-
Examining Network Activity with BusyBox
After watching this video, you will be able to carry out a penetration test on an Android device using BusyBox.
-
Exploring Mobile Browser Vulnerabilities
After watching this video, you will be able to describe Android mobile browser vulnerabilities.
-
Exploring the /data/data Directory
After watching this video, you will be able to explore the contents of the /data/data directory, especially shared_prefs and lib directories.
-
General Steps for Carrying out a Penetration Test
After watching this video, you will be able to describe main steps for carrying out a generic penetration test on Android OS and devices.
-
Getting Familiar with Activity Lifecycles
After watching this video, you will be able to define an activity and describe activity stack and callback methods used to implement activity lifecycles.
-
Getting Familiar with Android Application Services
After watching this video, you will be able to describe how to start, bind, and create an application service, as well as how to declare a service in the Manifest.xml file.
-
Getting Familiar with Code Signing
After watching this video, you will be able to describe the process of application code signing.
-
Identifying Android Malware
After watching this video, you will be able to describe the methodology used for identifying malware on Android.
-
Identifying Application-based Permissions
After watching this video, you will be able to identify application-based permissions, specifically Android Manifest Permissions.
-
Identifying Common Application Security Risks
After watching this video, you will be able to identify common mobile device security issues.
-
Installing Android Standalone SDK Tools
After watching this video, you will be able to download and install the Android stand-alone SDK tools package.
-
Installing the Android Studio IDE
After watching this video, you will be able to download and install the Android Studio IDE.
-
Intercepting Browser Application Traffic
After watching this video, you will be able to use Burp Suite to intercept traffic for a browser application on a virtual Android device.
-
Leveraging Linux Security Services to Protect Data
After watching this video, you will be able to use Linux security services to protect Android application data.
-
Overview of Android Software Stack Layers
After watching this video, you will be able to describe Android software stack layers.
-
Overview of Application User Protection Levels
After watching this video, you will be able to define the user protection levels that can be assigned in a Manifest permissions file.
-
Overview of Storage Options for Application Data
After watching this video, you will be able to describe storage options for Android application data.
-
Overview on Android Security Concerns in Enterprise
After watching this video, you will be able to describe Android security concerns that ought to be addressed in the enterprise environment.
-
Overview on Penetration Testing Methodology
After watching this video, you will be able to describe Android device penetration testing methodology.
-
Packaging an Android Application
After watching this video, you will be able to securely package an Android application.
-
Penetration Testing Best Practices
After watching this video, you will be able to describe the Android app development best practices against which penetration tests should be carried out.
-
Scanning a Network Using Nmap
After watching this video, you will be able to carry out a network scan using Nmap.
-
Understanding the Android Environment
After watching this video, you will be able to describe the major components of the Android environment, specifically the Android SDK, Eclipse IDE and ADT tools (DDMS, adb).
-
Understanding Android Application Framework
After watching this video, you will be able to describe the Android application framework layer services, specifically the resource manager, activity manager, location manager, notification manager, package manager, views, and content providers.
-
Understanding Android Runtime Components
After watching this video, you will be able to describe Android runtime components, specifically the Dalvik VM and Core Libraries.
-
Understanding Compliance and Audit Considerations
After watching this video, you will be able to describe compliance and audit considerations that must be taken into account when developing Android apps for enterprise.
-
Understanding Permissions Assignment
After watching this video, you will be able to describe how permissions and process attributes are assigned in Android OS.
-
Understanding the Linux Kernel
After watching this video, you will be able to describe how the Linux kernel provides security on the Android platform, including Linux permissions enforcement.
-
Updating an Android Application
After watching this video, you will be able to securely update an Android application.
-
Using Code Signing to Protect Application from Malware
After watching this video, you will be able to use code signing to protect Android application code from malware attacks.
-
Using Recommended Security Practices for Mobiles
After watching this video, you will be able to describe recommended security practices for mobiles in the enterprise environment.
-
Using Reverse Engineering to Reveal Threats
After watching this video, you will be able to describe the general methodology used to reverse engineer an Android application so as to reveal malicious threats.
-
Using Untrusted Devices, Applications, and Networks
After watching this video, you will be able to describe considerations for using user-owned, untrusted devices as well as untrusted applications and networks.
-
Working with Device Administration Policies
After watching this video, you will be able to extract various kinds of data from Android devices, specifically SMS messages, contact information, and application database information.
-
Working with Root Access
After watching this video, you will be able to root an Android device so that it can be analyzed.
-
Working with Shared User IDs
After watching this video, you will be able to describe how permissions are granted and managed for applications with shared user IDs.
-
Working with Untrusted Systems and Content
After watching this video, you will be able to describe considerations for dealing with untrusted systems and content on an enterprise network.
-
Android Architecture, Protection, and Development Best Practices
Given the relatively open nature of the Android development environment, developers ought to have a clear understanding of the OS structure, as well as how to securely protect application code. In this course, you will be introduced to the Android environment and overall architecture, and will also be presented with a basic understanding of key Android OS security features. You will also learn how to protect Android application code and will learn about best practices to employ when developing secure Android applications.
- start the course
- describe the major components of the Android Environment, specifically the Android SDK, Eclipse IDE and ADT, Tools (DDMS, ADB)
- download and install the Android standalone SDK tools package
- download and install the Android Studio IDE
- describe how the Linux kernel provides security on the Android platform, including Linux permissions enforcement
- describe Android runtime components, specifically the Dalvik VM and Core Libraries
- describe how to start, bind, and create an application service, as well as how to declare a service in the Manifest.xml file
- define an activity and describe activity stack and callback methods used to implement activity lifecycles
- describe the Android application framework layer services, specifically the Resource Manager, Activity Manager, Location Manager, Notification Manager, Package Manager, Views, and Content Providers
- describe Android software stack layers
- define the user protection levels that can be assigned in a Manifest permissions file
- describe the process of application code signing
- securely package an Android application
- install and test operation of the Android Debug Bridge tool from the standalone SDK tools package
- identify application-based permissions, specifically Android Manifest Permissions
- enable the ProGuard code obfuscation tool in Android SDK
- create an Android application signing key and certificate in Android Studio
- use code signing to protect Android application code from malware attacks
- use Linux security services to protect Android application data
- describe how permissions and process attributes are assigned in Android OS
- describe how permissions are granted and managed for applications with shared user IDs
- declare Android application permissions in a Manifest permissions file
- describe how permissions are enforced at the kernel level, native daemon level, and the framework level in Android OS
- declare a custom permission in a Manifest permissions file
- identify the permissions for a sample application and sign application code in Android Studio
-
Android Security Vulnerabilities, Testing, and Enterprise Considerations
There are a variety of tools and methods available for testing Android applications so as to expose any potential vulnerabilities prior to deployment in either a public market or enterprise environment. In this course, you will learn about various vulnerabilities as they pertain specifically to Android applications, and you will also learn how to secure Android devices and applications for the enterprise environment. You will also learn how to plan and carry out penetration testing using a variety of tools and best practices, in addition to performing forensics and hacking techniques on Android applications so as to be able to better secure them prior to deployment on a public market.
- start the course
- identify common mobile device security issues
- describe the methodology used for identifying malware on Android
- describe the general methodology used to reverse engineer an Android application so as to reveal malicious threats
- describe Android mobile browser vulnerabilities
- describe Android security concerns that ought to be addressed in the enterprise environment
- describe compliance and audit considerations that must be taken into account when developing Android apps for enterprise
- describe considerations for using user-owned, untrusted devices as well as untrusted applications and networks
- describe considerations for dealing with untrusted systems and content on an enterprise network
- describe recommended security practices for mobiles in the enterprise environment
- identify device administration policies and describe how they are implemented on an Android device
- describe Android device penetration testing methodology
- describe main steps for carrying out a generic penetration test on Android OS and devices
- carry out a network scan using Nmap
- install and use BusyBox on an Android device to examine its network port and socket activity
- analyze network traffic on an Android device using Wireshark
- use Burp Suite to intercept traffic for a browser application on a virtual Android device
- describe the Android app development best practices against which penetration tests should be carried out
- analyze Android device mount points
- examine some file systems that typically exist on an Android device
- examine Android device directory structure
- describe storage options for Android application data
- explore the contents of the application data directory for default Android e-mail application
- identify the advantages and pitfalls of enabling root access on an Android device
- create a system image for an Android device
- retrieve and access an Android application database
- capture and analyze traffic from a sample application, retrieve its database, and view its database contents