Advanced Mobile Penetration Testing with OWASP MobiSec

Secure Ideas | August 2-3 & 4-5




Overview

In this hands-on, lab-driven course, students will be taught a methodology and series of techniques used to perform penetration testing of mobile devices and applications. This course, created by the project leads for the OWASP MobiSec project, uses intense lab-driven learning that allows the student to learn techniques, tools and a methodology for testing mobile applications.

Kevin Johnson and James Jardine will work with the students to perform testing of iOS and Android as well as the web application and web services that make up the back end of these systems. They will work through various lab exercises as well as a complete capture the flag event on the second day of class.


Who Should Take This Course

Anyone performing or interested in performing mobile application penetration tests.


Student Requirements

Knowledge of basic pentesting techniques.


What Students Should Bring

Laptop with at least 4 GB RAM and 50 GB free HDD.


What Students Will Be Provided With

DVD or USB stick with course materials and lab environments.


Trainers

Kevin Johnson and James Jardine

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is an instructor and author for the SANS Institute and a faculty member at IANS. He is also a contributing blogger at TheMobilityHub.

Kevin has performed a large number of trainings, briefings and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing and SEC571: Mobile Device Security. Kevin has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Black Hat, ISACA, Infragard and ISSA.

Kevin is also very involved in the open source community. He runs a number of open source projects. These include SamuraiWTF, a web pen-testing environment; Laudanum, a collection of injectable web payloads; Yokoso, an infrastructure fingerprinting project; and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.

James Jardine is a Principal Security Consultant with Secure Ideas, LLC. James has over 12 years of software development experience with over half of that focusing on application security. During his long development history, he has had the opportunity to write large enterprise applications, thick clients, and mobile applications. He has held many roles including senior developer, software architect, and application security expert. In addition, James is an instructor and author for the SANS Institute. He is also a contributing blogger for the Secure Ideas blog, the Jardine Software blog, and the SANS Appsec blog.

James has performed a number of trainings and presentations for both public events and internal trainings. James teaches the Dev544: Secure Coding in .Net course at the SANS Institute. He is also a contributing author for that course. He has also presented on multiple webcasts, at the Kentucky ISSA InfoSec Summit, and BSides Orlando. In addition, James is the co-host of the Professionally Evil Perspective podcast and the Down the Security Rabbithole podcast.

James is also involved in the open source community. He runs a number of open source projects. These include WCSA, a security analyzer for web.config files, and EventValMod, a tool to modify event validation values in .Net. He is also a contributor to the Laudanum project, a collection of injectable web payloads.