diff --git a/Android Application Pentesting Course Content.md b/Android Application Pentesting Course Content.md deleted file mode 100644 index 0789777..0000000 --- a/Android Application Pentesting Course Content.md +++ /dev/null 
@@ -1,118 +0,0 @@ -# Lab Setup - - Genymotion - - Android Studio - - BlueStacks - - VMware :: Virtual Box - -# Introduction to Android - - Android History - - Android Architecture - 1. Linux Kernel - 2. Libraries - 3. Android Run Time (ART) and Dalvik Virtual Machine (DVM) - 4. Application Framework - 5. Application - - Android File Systems - 1. Android File System - 2. Application Permission and user Permission - - Android Bootup process - 1. Boot Loader - 2. Init Process - 3. Zygot - 4. DVM/ART - - Android Application build Process - - Android Application Components - 1. Activities - 2. Services - 3. Broadcast Receiver - 4. Content Provider - - Common Files in Android Application - - Permissions in Android Application - 1. Normal Permissions - 2. Dangerous Permissions - - Libraries and Functions used for Secure Android Application Development - - Key Store - - Android Inter Process Communication (IPC) - -# Android Debug Bridge - - ADB Components - - Installation - - Connecting Devices - - Managing Files on Device - - Application Installation and Log Analysis - -# Static Analysis - - Jadx - - JD-GUI - - APK-Tool - - Android Studio - - APK Inspector - - Bytecode Viewer - - Quick Android Review Kit (QARK) - -# Damm Insecure Vulnerable Application (DIVA) - - Insecure Logging - - Hardcoding Issues - Part 1 - - Insecure Data Storage - Part 1 - - Insecure Data Storage - Part 2 - - Insecure Data Storage - Part 3 - - Insecure Data Storage - Part 4 - - Input Validation Issues - Part 1 - - Input Validation Issues - Part 2 - - Access Control Issues - Part 1 - - Access Control Issues - Part 2 - - Access Control Issues - Part 3 - - Hardcoding Issues - Part 2 - - Input Validation Issues - Part 3 - -# Web Application Hacking - -# OWASP Top 10 Attacks for Android 2014 - - Weak Server Side Controls - - Insecure Data Storage - - Insufficient Transport Layer Protection - - Unintended Data Leakage - - Poor Authorization and Authentication - - Broken Cryptography - - Client Side 
Injection - - Security Decisions Via Untrusted Inputs - - Improper Session Handling - - Lack of Binary Protections - -# OWASP Top 10 Attacks for Android 2016 - - Improper Platform Usage - - Insecure Data Storage - - Insecure Communication - - Insecure Authentication - - Insufficient Cryptography - - Insecure Authorization - - Client Code Quality - - Code Tampering - - Reverse Engineering - - Extraneous Functionality - -# Dynamic Analysis - - Capture Application Traffic in Burp Suite - - Mobile Security Framework (MobSF) - 1. Static Analysis - 2. Dynamic Analysis - - Drozer - - Frida - - Objection - - Androbugs Framework - - MARA Framework - - Database Analysis - - Appium - -# Mobile Application Pentesting Frameworks - - AppUse - - Mobexler - - Santoku - - Appie - -# Testing Applications - - Insecure - - Diva Beta Applications - - Pentesterlab vulnerable Applications - -# Bug Bounty Approach
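Review bot: nothing in this diff replaces the outline that the single hunk (`@@ -1,118 +0,0 @@`) removes in full, so the commit message should say where the course content now lives, or the file should stay. If the outline is being moved to another file, correct it on the way: "Zygot" under "Android Bootup process" should read "Zygote", "Damm Insecure Vulnerable Application (DIVA)" should read "Damn Insecure and Vulnerable App (DIVA)", and the "Web Application Hacking" and "Bug Bounty Approach" headings have no items under them. The two "OWASP Top 10 Attacks for Android" headings list the categories of the OWASP Mobile Top 10 (2014 and 2016), which is not Android-specific, so the headings would be clearer under that name.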