ICSI|CMSS Certified Mobile Security Specialist

Introduction

Course Outline: Mobile Security
Certification: ICSI|CMSS Certified Mobile Security Specialist
Duration: 3 Days
Candidate Prerequisites: Basic familiarity with Windows/Linux and mobile devices.

This course is concerned with mobile security and aims to provide a complete overview of the two major platforms, iOS and Android. The course teaches the basics and characteristics of the platforms, their security threats and vulnerabilities, and demonstrates practical penetration testing and forensics using real-life enterprise scenarios for these two platforms.

This course will significantly benefit anyone involved in Information Security, Information Risk, or Information Assurance who wishes to gain a deeper and more practical understanding of mobile security.

Module 1 Intro to mobile devices

  • Importance
  • Characteristics
  • Unique risk profile
  • Place in the enterprise

Module 2 Mobile Device security basics

  • Network Security
  • Physical Security/lock-screen security
  • Application Security
  • Connection Security
  • Tempest
  • MDM
  • Sandboxing Technologies

Module 3 iOS Platform

  • Characteristics
  • Users
  • App Store
  • Other ways to download apps
  • iCloud
  • XDK
  • File system and important locations

Module 4 Android Platform

  • Characteristics
  • Users
  • Apps
  • Alternate app stores
  • SDK
  • File system and important locations
  • Android versions/flavours

Module 5 iOS Security

  • Key security features
  • The boot process
  • Recovery mode
  • Biometrics
  • Jailbreak tethered and untethered
  • Cydia
  • Bootloader
  • Encryption
  • App sandboxing
  • Attacks
  • Vulnerabilities
  • Applications and types
  • Intents/Extensions
  • Permissions
  • Future - Wearables

Module 6 Android Security

  • Key security features
  • Boot process
  • Recovery
  • Biometrics
  • Root
  • Bootloader
  • Encryption
  • App sandboxing
  • Attacks
  • Future - wearables
  • Vulnerabilities
  • Applications and Types
  • Intents
  • Permissions

Module 7 Mobile Application Penetration Testing

  • Mobile application structure – Native, Web, Hybrid
  • Mobile application storage: SQLite, plist, keychain, cookies, etc.
  • Mobile application reverse engineering
  • Mobile application static analysis techniques
  • Mobile application dynamic analysis techniques
  • Certificate pinning attack
  • XSS attack
  • Proxy attack
  • JavaScript attack
  • URL Scheme Hijacking attack
  • Side channel attacks

Module 8 Mobile Forensics

  • Limitations
  • Special considerations and concerns
  • Alternate sources of data
  • Locations of interest
  • Tools of the trade and use
  • Multiple choice exam based on critical thinking and knowledge from the course.
  • Pass = 50-59%, Merit = 60-79%, Distinction = 80-100%.
  • 100% Final Assessment.
