Mobile Security Expert
(Android)

Instructor-led training
(3 sessions)
€ 2.000

Do you want to become an Android mobile security expert and learn how to attack but also secure mobile applications?

This course is your ultimate gateway to mastering the art of protecting mobile applications.

I want to become a Mobile Security Expert (Android)

Fill in the following form and we'll notify you when registration opens.

You want to train your team?

Take your skills to the next level!

Dive into the internals of Android, explore the essential security practices for mobile application development, and learn to identify, search for, and exploit vulnerabilities effectively.

From understanding the intricacies of mobile security architecture to leveraging powerful tools like Frida, Objection, and Corellium, you’ll dive deep into real-world scenarios and hands-on labs that prepare you to tackle modern threats. Whether you’re a developer, security professional, or simply passionate about safeguarding mobile platforms, this course equips you with the knowledge and practical expertise to stand out in the industry. 

What You’ll Learn:
📱 Overview of Android's architecture and ecosystem dynamics.
📱 Exploration of security features native to Android using Java, Kotlin, C++, and Rust.
📱 Mobile Application Threat Model
📱 Introduction to industry mobile security standards
📱 Setting up and preparing a mobile security testing lab
📱 Secure Coding Overview
📱 Secure storage
📱 Mobile penetration testing methodology
📱 Identifying issues with backend APIs
📱 Cryptography in Android apps
📱 Authentication and Authorization
📱 Android Inter Process Communication (IPC)
📱 Networking issues
📱 Webviews
📱 Software Composition Analysis (SBOM)
📱 Mobile Device Management (MDM)
📱 Mobile Application Management (MAM)

Secure your spot today and become a leader in mobile security!

Level:
Entry to
Intermediate

Class schedule:
TBA

Duration:
3 days
(8h/day)

Start date:
TBA


Ideal for:

Penetration Testers and
QA Testers

IT Staff

Developers

Course led by:

Grant Douglas

Grant Douglas is a seasoned mobile security consultant with over a decade of specialization. He has conducted hundreds of mobile security projects, including penetration testing, code review, and threat modeling. Grant has also authored multiple mobile security training courses during the last decade, sharing experience with hundreds of security professionals and engineers worldwide, both in person and virtually. With extensive experience in using and contributing to mobile security tools such as Frida and Radare2, Grant has authored numerous features for these tools and collaborated professionally with their creators in previous roles.

Alex Soler

Alex Soler is a mobile security research engineer lead at NowSecure. He has spent over 10 years conducting security assessments, including penetration testing and evaluations of web and mobile applications. With a global background in mobile technology, he specialises in iOS environments. He is a regular speaker at national and international conferences and collaborates with a cybersecurity master's program as a mobile security trainer. In addition to his professional roles, Alex actively mentors aspiring security professionals and contributes to open-source security projects. His work focuses on bridging the gap between advanced research and practical implementation, making him a key figure in the mobile security community. He is also an active contributor to radare2 and Frida, and a passionate advocate for r2frida through his workshops and training.

Student Pack Includes:

> Access to a virtual mobile security lab for practical, hands-on exercises.

> A lab guide with details and hints for all exercises.

> A solutions guide to take home which details all solutions discussed and walked through during the training.

> Course materials such as slides, links to further reading, code snippets, lab exercises, etc.

> Certificate of completion

Overview:

This instructor-led training course delves into the extensive range of threats unique to mobile applications and, where relevant, attacks targeting the associated backend APIs.

The course is designed with a balanced split of theoretical knowledge and practical, hands-on labs. During this course, students will explore the essential security practices for mobile application development and will learn to identify, search for, and exploit vulnerabilities effectively.

Whether you are a penetration tester or a developer seeking to validate the effectiveness of your security measures, this course equips you with the comprehensive skills needed to ensure robust security coverage in your mobile products.

Join us now, upskill and become an expert in mobile security!


FAQs:


Yes, you can book both courses and excel in both technologies. You can choose to focus on either Android or iOS security challenges and best practices, or opt in for both. This ensures you receive tailored training relevant to the mobile operating system(s) you are working with.

The course aims to equip participants with a comprehensive understanding of mobile security, covering topics such as application security architecture, threat modeling, secure coding, and real-world security assessment techniques for mobile platforms.

This course is ideal for developers, security professionals, QA testers, and anyone interested in securing mobile applications and understanding common vulnerabilities and threats.

Basic programming knowledge (e.g., Objective-C, Swift, Java, or Kotlin) and familiarity with mobile development or security concepts are recommended but not mandatory.

The course primarily focuses on iOS and Android platforms, including their respective security architectures, tools, and techniques.

Participants will work with tools like Frida, Objection, Corellium, MobSF, and other mobile security testing frameworks to conduct vulnerability assessments and penetration tests.

Yes, the course incorporates industry standards such as the OWASP Mobile Security Testing Guide (MSTG) and the Mobile Application Security Verification Standard (MASVS), as well as secure coding and cryptographic best practices.

Absolutely! The course is designed to be highly practical, with hands-on labs and exercises to simulate real-world mobile security scenarios.

Yes, the course provides insights into Mobile Device Management (MDM) and Mobile Application Management (MAM), their use cases, and their role in enterprise mobile security.

By completing this course, you will gain specialized skills in mobile security, helping you to identify and mitigate vulnerabilities, develop secure applications, and perform professional security assessments, which are highly sought after in the industry.

Unfortunately we don’t record our sessions therefore you’ll need to catch up with the rest of the group. The support team can help you to catch up with the previous sessions and guide you on the materials that you need to read.

Syllabus (Android):

Fundamentals and Setup

  1. Overview of Android’s architecture and ecosystem dynamics.
  2. Exploration of security features native to Android using Java, Kotlin, C++, and Rust.
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How to secure and test cross-platform apps (e.g. React Native, Xamarin).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on Android.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including certificate validation and pinning.
  • Cryptography in Android apps
    a) Utilization of Android’s Crypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of biometrics.
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
  • Android IPC
    a) Detailed exploration of Intents, deep links, Binders/services, and broadcast receivers.
  • Webviews
    a) Identifying and resolving common security issues in Android Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an Android app.
    b) Identifying known vulnerabilities within these components.
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.
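The Android IPC and penetration-testing methodology items above are usually approached by first triaging the app's attack surface from its manifest: which activities, services, receivers and providers are reachable from other apps, which of those are not guarded by a permission, and which activities accept deep links from a browser. The script below is an added example written for this page, not course material or the instructors' code. It applies the platform's default rule (an explicit android:exported wins; otherwise a component with an intent-filter is exported and one without is not), and runs over a constructed sample manifest (package name, component names and the bankapp:// scheme are invented for illustration). In a real engagement the decoded manifest would come from a tool such as apktool.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(name):
    """Qualified attribute name in the android: XML namespace."""
    return f"{{{ANDROID_NS}}}{name}"


# Constructed sample manifest (not taken from any real app). It covers the
# cases a tester looks for: implicit export via intent-filter, explicit
# export with and without a permission, explicit non-export, a browsable
# deep link, and a provider with no intent-filter.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <uses-sdk android:minSdkVersion="23" android:targetSdkVersion="30"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".TransferActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="bankapp" android:host="transfer"/>
      </intent-filter>
    </activity>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.bank.SYNC"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".DataProvider"
              android:authorities="com.example.bank.data"/>
  </application>
</manifest>
"""

COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def is_exported(component):
    """Platform default: an explicit android:exported wins; otherwise a
    component with at least one <intent-filter> is exported, one without
    is not. Simplification (assumption): the legacy provider default for
    API <= 16 and the Android 12 install-time requirement for an explicit
    value on filtered components are not modelled here."""
    explicit = component.get(android_attr("exported"))
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None


def deep_link_filters(component):
    """(scheme, host) pairs for intent-filters a browser or other app can
    reach by URL: action VIEW + category BROWSABLE + a <data> with a scheme."""
    links = []
    for flt in component.findall("intent-filter"):
        actions = {x.get(android_attr("name")) for x in flt.findall("action")}
        cats = {x.get(android_attr("name")) for x in flt.findall("category")}
        if ("android.intent.action.VIEW" not in actions
                or "android.intent.category.BROWSABLE" not in cats):
            continue
        for data in flt.findall("data"):
            scheme = data.get(android_attr("scheme"))
            if scheme:
                links.append((scheme, data.get(android_attr("host"), "")))
    return links


def audit_manifest(xml_text):
    """Return exported components, those exported without a permission,
    and per-component deep links, keyed by component android:name."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = {"exported": [], "exported_unprotected": [], "deep_links": {}}
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        name = comp.get(android_attr("name"))
        if is_exported(comp):
            findings["exported"].append((comp.tag, name))
            if comp.get(android_attr("permission")) is None:
                findings["exported_unprotected"].append((comp.tag, name))
        links = deep_link_filters(comp)
        if links:
            findings["deep_links"][name] = links
    return findings


if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

On the sample, the unprotected exported set is MainActivity, TransferActivity, DebugActivity and SmsReceiver; SyncService is exported but requires a custom permission, SettingsActivity is explicitly private, and DataProvider has neither an explicit value nor an intent-filter. TransferActivity is the deep-link entry point (bankapp://transfer), so it is where parameter validation and authentication-state checks would be tested next.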


Syllabus (iOS):

Fundamentals & Setup

  1. Overview of iOS's architecture and ecosystem dynamics.
  2. Exploration of security features native to iOS using Objective-C, Swift, and C(++).
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How to secure and test cross-platform apps (e.g. React Native, Xamarin).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in iOS code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on iOS.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including App Transport Security issues and certificate pinning.
  • Cryptography in iOS apps
    a) Utilization of iOS's CryptoKit and CommonCrypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys and leveraging the Secure Enclave.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of LocalAuthentication (biometrics).
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
    d) Using DeviceCheck and App Attest
  • iOS IPC
    a) Detailed exploration of URL schemes, deep (universal) links, and extensions.
  • Webviews
    a) Identifying and resolving common security issues in iOS Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an iOS app.
    b) Identifying known vulnerabilities within these components.
  • Implementing App Integrity
    a) What to look for
    b) How to implement
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.