Training Outline:
More often than not, the Android apps that you use have access to a backend application or API residing on a remote server accessible via the web. Be it games, ride-sharing apps, shopping apps, or any other type of app, the app will send and receive data to/from its backend system, and these systems can be hacked!
This 2-day course teaches practical techniques for reversing various types of Android applications and hacking into modern web backends through various vulnerabilities such as SQLi, LFI/RFI, XSS, IDOR, XXE, deserialization, broken authentication, and many more. Participants will be exposed to both static and dynamic analysis techniques for reversing Android apps, and methods to analyze backend systems/APIs for vulnerabilities and ways to exploit them. Towards the end of the course, there will be a mini CTF where they can test their newly acquired hacking skills!
Day 1
- Equipment: A laptop capable of running VMs smoothly (no netbooks, please), WiFi network connectivity.
- Knowledge: Basic knowledge of Linux, Java, JavaScript, and web application programming