Professional Documents
Culture Documents
OSMAP - Course Outline
OSMAP - Course Outline
Course Overview:
Penetration testers and IT-security professionals who are already well-versed in network-layer and web-application
penetration testing will find that mobile application pentesting comes with a completely different set of challenges
which requires different approaches and skills. In line with our tradition of developing and providing cutting-edge
real-world technical IT-security-centric courses such as the Organizational Systems Security Analyst™,
Organizational Systems Wireless Auditor® and Organizational Systems Web Application Pentester®, the
Organizational Systems Mobile Application Pentester™ takes a ground-up approach to educating attendees about
all aspects of practical mobile application security-testing, beginning at understanding the code-level fundamentals
of the two most popular mobile application platforms (Android and iOS) and expounding on mobile-application-
specific protocols, mobile application dynamic analysis and mobile application exploitation techniques. Guiding the
technical teachings throughout the course are applied principles from Sun Tzu's "Art of War" which add an
additional dimension and timeless perspective to the art of mobile application pentesting.
This instructor-led, intensely practical, hands-on programme teaches a vendor-neutral and specialized approach to
practical security testing of mobile applications. By equipping attendees with the proper knowledge and technical
skillsets, the Organizational Systems Mobile Application Pentester™ is intended to arm professional penetration
testers and application developers with the proper skills, techniques and tools to conduct consistent and
comprehensive mobile application security tests.
While the programme syllabus should be used to determine if this programme is appropriate for the attendee based
on their current skills and requirements, the course aims to induct all attendees with the following:
• A solid understanding about the security postures of mobile applications deployed over the two most
commonly-used mobile operating systems used by both organizations and individuals.
• How to prepare for and conduct mobile application security testing.
• The ability to profile and analyze mobile application defenses.
• Comprehensive technical understanding of how to exploit mobile applications using a wide variety of
techniques.
• Proper selection and usage of the appropriate tool for the relevant mobile application vulnerability.
• How to recommend countermeasures based on mobile security audit results.
With a wide variety of practical classroom labwork, the Organizational Systems Mobile Application Pentester™ is
ideal for professional security testers, application security developers, internal audit teams and those who want to
know how to conduct comprehensive technical penetration testing against Android- and iOS-based mobile
applications.
Page 1 of 2
The Organizational Systems Mobile Application Pentester and its logo are trademarks of THINKSECURE PTE LTD in Singapore and trademarks of THINKSECURE PTE LTD in certain other countries. All other trademarks property of their respective owners.
Course Outline:
Practical coursework is interspersed throughout the course and the
following is a brief course module outline:
Part 1: Mobile Application Auditing Part 10: File & Networking Monitoring
Proliferation of BYOD policy Sun Tzu's Guiding Principle
Apps As Data Custodian App File Monitoring
Examples Of Vulnerable Apps Dmesg / logcat
OWASP Top 10 Mobile Risks Network Monitoring
Web / Non Web Interception
Handling SSL Certificate Pinning
Part 2: iOS Device Fundamentals
Sun Tzu's Guiding Principle
iOS Device Fundamentals Part 11: Android Security Architecture
iOS Device Boot Process Sun Tzu's Guiding Principle
iOS Device Upgrade / Downgrade Application Fundamentals
About Plist Security Controls
About Sqlite Application Components
Application Internals
Page 2 of 2
The Organizational Systems Mobile Application Pentester and its logo are trademarks of THINKSECURE PTE LTD in Singapore and trademarks of THINKSECURE PTE LTD in certain other countries. All other trademarks property of their respective owners.