Mobile Application Penetration Testing

nathandrake Member Posts: 68
I'm wondering if anyone that has experience with mobile app pen testing can assist me. Just for some background: I do web application pen testing with no background in pen testing mobile apps, but due to a security flaw in our Android tablets that we produce, my company is wanting me to start pen testing our tablets as well, starting with the latest firmware upgrade that addresses this flaw. I'm going to be learning on the fly here. Could anyone recommend some good tools I can use? I've googled a few tools, but there seems to be quite a bit to choose from.

Without having much knowledge in this area and with the company wanting a thorough test completed by the end of the week, I don't have the time to try tool after tool to find some good ones.  It can be free ones or paid ones.  My company said they have no issues spending money to get me what I need.  

Another question, I noticed that eLearnSecurity has a mobile pen testing course.  Has anyone taken this and have any feedback if it's worth it?  I just completed the web pen testing course and liked it.  I'm going to see if my company will pay for me to get some training in mobile pen testing, but I want to find the right course.

Comments

  • Infosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WI Admin Posts: 513
    I don't have much mobile pentesting experience either, but I've heard good things about a couple of the tools in this article. Drozer, Frida, and QARK should all be pretty useful in pentesting Android devices.

    As far as the course goes, if you liked the eLearnSecurity web pentesting course, there's no harm in checking out their mobile course. However, if you're looking for some alternatives, we have a mobile pentesting course on Infosec Skills! There's about an hour of Android content, so if you're starting from nothing, you might find it to be helpful. You can sign up for a 7-day free trial to check it out if you like, and let me know if you have any questions!
    Community Manager at Infosec!
  • yoba222 Senior Member Posts: 1,146
    The OWASP MSTG is a great start in a pinch, but like you wrote, I'd get some training while I could.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP