{"id":327,"date":"2019-08-07T20:12:07","date_gmt":"2019-08-07T20:12:07","guid":{"rendered":"http:\/\/www.ebruu.com\/?page_id=327"},"modified":"2019-08-07T20:12:07","modified_gmt":"2019-08-07T20:12:07","slug":"mobile-penetration-testing-training","status":"publish","type":"page","link":"https:\/\/www.ebruu.com\/index.php\/mobile-penetration-testing-training\/","title":{"rendered":"Mobile Penetration Testing Training"},"content":{"rendered":"\n<p>We teach the following technical and business logic issues related to mobile applications on different mobile platforms such as Android, iOS and Windows.<\/p>\n\n\n\n<table class=\"wp-block-table\"><tbody><tr><td>Jailbreak Warning Checks<\/td><\/tr><tr><td>Certificate Pinning Checks<\/td><\/tr><tr><td>Dangerous enabled settings (debug mode etc.)<\/td><\/tr><tr><td>Decompile\/Reversing tests<\/td><\/tr><tr><td>Hardcoded Passwords checks in the sources<\/td><\/tr><tr><td>Token, 3rd party data leakage checks in the sources<\/td><\/tr><tr><td>Information leakage in the real time device logs<\/td><\/tr><tr><td>Application log checks for critical information<\/td><\/tr><tr><td>Application&#8217;s stored cache data checks<\/td><\/tr><tr><td>Password protection situation of the local databases<\/td><\/tr><tr><td>Sensitive information storing situation of the databases<\/td><\/tr><tr><td>Checks of all critical files (xml, plist etc.)<\/td><\/tr><tr><td>Run time tests<\/td><\/tr><tr><td>Memory analysis at run time<\/td><\/tr><tr><td>Certificate Pinning Bypass<\/td><\/tr><tr><td>Situation of the keyboard cache in the text inputs<\/td><\/tr><tr><td>Data storage on shared SD card<\/td><\/tr><tr><td>Tcpdump analysis whilst app is working<\/td><\/tr><tr><td>Analysis of all backup files, logs and specific files<\/td><\/tr><tr><td>Sensitive strings search with grep in the whole app directory<\/td><\/tr><tr><td>Mobile app recompile tests<\/td><\/tr><tr><td>Android APK obfuscation situation<\/td><\/tr><tr><td>Input 
manipulation tests<\/td><\/tr><tr><td>2-factor auth tests<\/td><\/tr><tr><td>Data transmission security between device and server<\/td><\/tr><tr><td>Server side tests<\/td><\/tr><tr><td>Full port scan for server IP address<\/td><\/tr><tr><td>Full vulnerability scanning for server IP address<\/td><\/tr><tr><td>Mobile web site tests like a website test<\/td><\/tr><tr><td>Testing app permissions<\/td><\/tr><tr><td>Testing critical information in the clipboard<\/td><\/tr><tr><td>Application Session Timeout situation.<\/td><\/tr><tr><td>Username and password policy check<\/td><\/tr><tr><td>Predictable credentials checks<\/td><\/tr><tr><td>Login form captcha, anti-csrf usage situation<\/td><\/tr><tr><td>Business logic vulnerabilities on the application functions<\/td><\/tr><tr><td>Code injection tests<\/td><\/tr><tr><td>Command execution tests<\/td><\/tr><tr><td>Iframe injection<\/td><\/tr><tr><td>LFI\/RFI Tests<\/td><\/tr><tr><td>LFI via iframe injections on the device<\/td><\/tr><tr><td>XSS tests (Reflected, DOM, Stored, Blind)<\/td><\/tr><tr><td>XSS tests with payload injections via cross platforms (mobile-web)<\/td><\/tr><tr><td>XXE vulnerability checks<\/td><\/tr><tr><td>Technical and business logic tests on the registration form<\/td><\/tr><tr><td>Password reset function tests<\/td><\/tr><tr><td>Access via web browser to mobile app with user-agent changing<\/td><\/tr><tr><td>Takeover account tests<\/td><\/tr><tr><td>Deployment and configuration issues<\/td><\/tr><tr><td>Mobile API and webservices tests<\/td><\/tr><tr><td>SSRF Tests (local and remote)<\/td><\/tr><tr><td>Insecure Direct Object Reference Tests<\/td><\/tr><tr><td>Privilege Escalation with different roles<\/td><\/tr><tr><td>Directory traversal<\/td><\/tr><tr><td>Advanced authorization and authentication tests<\/td><\/tr><tr><td>Username enumeration via warning messages or mis-developments<\/td><\/tr><tr><td>Automated 
Scanning<\/td><\/tr><\/tbody><\/table>\n","protected":false},"excerpt":{"rendered":"<p>We teach the following technical and business logic issues related to mobile applications on different mobile platforms such as Android, iOS and Windows. Jailbreak Warning Checks Certificate Pinning Checks Dangerous enabled settings (debug mode etc.) Decompile\/Reversing tests Hardcoded Passwords checks in the sources Token, 3rd party data leakage checks in the sources Information leakage in the real [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-327","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/pages\/327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/comments?post=327"}],"version-history":[{"count":1,"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/pages\/327\/revisions"}],"predecessor-version":[{"id":328,"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/pages\/327\/revisions\/328"}],"wp:attachment":[{"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/media?parent=327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}