Certified Mobile Application Security Professional

With more than 8 years of experience in this field, we have derived a “PROVEN ROADMAP” that has helped thousands of beginners like you to become a successful Ethical Hacker.


Course Type



Training Mode 


20 (Approx.)

60 HRS (Approx.)


Course Overview


Are you a pen tester who can test web applications? Are you good with web application scanners? Are you good at finding if a site is vulnerable to SQL injection and XSS? Do you know how to test for CSRF weaknesses? Have you heard about DOM XSS and Server-Side Request Forgeries? Have you tested applications for HTML5 Security? Maybe you have tried to find such vulnerabilities in the past but weren’t confident of your tools and approaches.

This 1-month course with complete hands-on exercises will teach you to exploit security vulnerabilities like never before. You will be able to identify, detect and exploit advanced attacks that you may be aware of but haven’t tried in real world security testing.

All of the above and more in a realistic scenario-based learning environment with the same tools’ attackers use to hack and compromise web applications on the Internet is what this course is all about.

Salient Features

Exciting Bonus


  • Overview on Mobile Device
  • Risks Associated with the Data Stored on Mobile Device
  • Introduction to OWASP Mobile Top 10 Project
  • OWASP Mobile Top 10 2014
  • OWASP Mobile Top 10 2016
  • OWASP Mobile Top 10 2014 Vs. 2016
  • Understanding Android Architecture
  • Android Security Model
  • Application Isolation
  • Secure Interprocess Communication (IPC)
  • Application Lifecycle
  • APK Generation
  • What is inside an APK?
  • Components of APK
  • Android Permission Model
  • Application Signing
  • Application Verification
  • Application Sandbox
  • Application Permissions
  • UI Input
  • Network
  • IPC
  • Internal Storage | External Storage
  • Structure of xml file
  • Understanding xml file
  • Identifying Security Issues
  • Static & Dynamic Analysis of Security Issues
  • List of Tools to be installed
  • Brief understanding of tools
  • Android Pentesting Distros
  • Alternative & Easy Way to setup the lab quickly without any Distros
  • Reverse Engineering
  • Analyzing Permissions through xml
  • Insecure Hardcoding – API Keys Leakage
  • Insecure Hardcoding – Authentication Token
  • Insecure Hardcoding – Internal IP Disclosure
  • Insecure Hardcoding – Embedded Third-Party Secrets
  • Insecure Hardcoding – Sensitive Information Disclosure
  • Clear text data in Logs
  • Risky Java APIs
  • Weak Hashing Algorithm
  • Predictable Random Number Generator
  • Weak Encryption Implementation
  • Weak Initialization Vector
  • Weak Encoding Usage of banned API functions
  • Cleartext SQLite database
  • Temp File Creation
  • Android Pasteboard vulnerability
  • Android keyboard cache issues
  • Android Backup Vulnerability
  • Insecure SD Card storage
  • Developer Backdoor
  • Insecure HTTP Connection
  • Setting up Burp Suite
  • Untrusted CA Acceptance
  • Certificate Pinning
  • SQL Injection
  • Local File Inclusion
  • Cross Site Scripting
  • HTML Injection
  • Application-Level Denial of Service (DoS) Attack
  • Session Misconfigurations
  • Weak Authorization Mechanism
  • Intent Sniffing and Injection
  • Flawed Broadcast Receiver
  • Exploiting Debuggable Apps
  • Introduction to Frida – A Dynamic Instrumentation Toolkit
  • Setting up Frida Server
  • Setting up Frida CLI
  • Root Detection Bypass
  • Certificate Pinning Bypass
  • Playing with Frida Scripts
  • Runtime Mobile Security
  • Automating Frida
  • Secure Code Review
  • Automated Static, Dynamic & Runtime Analysis
  • iOS Security Mechanisms & Security Architecture
  • Secure Boot Chain
  • Model View Controller (MVC) And Event Driven Architecture
  • ARM Processor
  • Application Isolation
  • Data Encryption & Network Security
  • iOS Security Model
  • iOS File System isolation
  • Application Sandbox
  • iOS Device Architecture
  • Analysing Application Permissions
  • iOS App Development Background Concepts
  • Simulator Vs. Emulator
  • XCode Methodologies
  • iOS Simulators
  • Jailbreaking Essentials
  • Jailbroken Device Lab Setup
  • Exploring Custom App Stores
  • iOS Pentesting Tools Setup
  • Static Code Analysis of an iOS application
  • Need for Static Analysis Sources for Static Analysis
  • IPA File Package Container
  • IPA File Initialise on Device IPA Manual File Installation
  • Code Resources
  • Tampering with IPA Content
  • Investigating View Controllers
  • Investigating Info.plist file
  • Listing all CFUR Types on a Device Investigating Binaries
  • Understating of iOS Binary Application Structure Encryption
  • Decrypting Applications Binaries
  • Investigating Binary Content of App
  • Scanning iOS applications
  • Burp Suite Essentials
  • Certificate Pinning
  • Runtime Analysis with Cycript
  • Working with Cycript + Class-dump-Z
  • Snoop-it & Keychain Dumper
  • Working Frida and Objection for Dynamic Analysis
  • Local Data Storage Issues
  • Insecure Cryptography Attacks
  • Attacking URL Schemes
  • Client -Server API and Web attacks
  • Privilege Escalation Methodologies
  • Basics of Machine Level Analysis
  • Sensitive Files Issues at Memory Level
  • Runtime Analysis & Manipulation with GDB, IDA, Hooper
  • Audit iOS applications
  • iOS Secure Development Best Practices
  • Course Complication Certificate


Upcoming Batches