The Complete Guide to Android Bug Bounty Penetration Tests

Description

An app is often vulnerable to many attacks. Revealing vulnerabilities in applications and networks, testing cyber defense capabilities, and monitoring penalties are just a few among the many reasons why penetration testing is so important. With this in mind, this course introduces you to an array of tools that will help you test a vulnerable Android app. To identify vulnerability issues, we will use popular tools such as Drozer and the Burp Suite. To decompile the code, you will use tools Dex2Jar and Jadx. However, decompiling the code is not possible for closed third-party apps; in such cases, you will have to reverse-engineer the code, and for this, you will learn how to use the Android Debug Bridge. By the end of the course, you will be able to simulate an attack on any Android application and exploit its vulnerabilities. The code files and all related files are uploaded on GitHub at https://github.com/PacktPublishing/The-Complete-Guide-to-Android-Bug-Bounty-Penetration-Tests

What You Will Learn

Intercept traffic between the app and the server using the Burp Suite
Identify vulnerabilities by reading the source codes
Identify access control issues
Exploit broadcast receivers using Drozer
Use Jadx to produce Java source code from Android Dex and APK files

Audience

This course is ideal for Android developers looking to secure their applications and Bug Bounty participants looking to target Android apps. People looking to expand their knowledge of computer security will also find this course useful.

Approach

This is a hands-on guide to pen-testing Android applications. In this course, we take a vulnerable application and simulate attacks to identify the issues with the app. Once these vulnerabilities are fixed, the security risks are minimal.

Key Features

Learn about dynamic and static analysis * Become an expert at finding Android exploits * Master popular pen-testing tools

Github Repo

https://github.com/PacktPublishing/The-Complete-Guide-to-Android-Bug-Bounty-Penetration-Tests

About the Author

Scott Cosentino

Scott Cosentino is a software developer and teacher currently working in computer security. Scott has worked extensively with both low- and high-level languages, working on operating system- and enterprise-level applications. Scott has a passion for teaching and currently writes and creates videos on computer security and other programming topics. He has developed an extensive library of courses and has taught over 45,000 students through courses with Udemy, Packt, and CodeRed. He maintains a blog on Medium, and is active on YouTube and LinkedIn, where he enjoys creating content and interacting with students.

Course Outline

1. Lab Setup

2. Information Gathering

3. APK modification exploits

4. Insecure Authentication Exploits

5. Insecure Storage Exploits

6. Broadcast and Content Provider Exploits

7. General Bug Bounty Tips