Mobile Application Security Assessment
RCCE students will learn security analysis of iOS and Android applications. RCCE students will learn to apply industry-standard tools and techniques to identify weaknesses and verify security controls. The course covers practical scenarios ranging from initial setup to final reporting. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Mobile Application Security Assessment
- Execute hands-on tasks for 1007 mobile application security assessment
- Execute hands-on tasks for pen testing
- Explain Course Overview & Learning Objectives fundamentals
- Execute hands-on tasks for analyze mobile apps — covering Static and dynamic analysis techniques, iOS and Android architecture deep dive, Reverse engineering fundamentals.
- Execute hands-on tasks for apply offensive tools — covering Frida, Objection, APKTool, jadx, Intercept and manipulate traffic, Bypass certificate pinning and controls.
- Execute hands-on tasks for produce security reports — covering Finding documentation and CVSS scoring, Remediation recommendations, Executive and technical reporting.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for shared threat surface — covering Linux kernel + hardware abstraction, ART runtime (ahead-of-time compiled), Binder IPC mechanism between apps.
- Execute hands-on tasks for environment setup & lab configuration
- Execute hands-on tasks for android lab — covering Android Studio with emulator (API 30+), ADB, apktool 2.9, jadx 1.5 installed, Burp Suite + cert installed on device.
- Execute hands-on tasks for proxy & network — covering Burp Suite Pro with mobile CA cert, Charles Proxy as alternative for iOS, WiFi or USB tethering for traffic routing.
| Module 01 | 1007 Mobile Application Security Assessment |
| Module 02 | Pen Testing |
| Module 03 | Course Overview & Learning Objectives |
| Module 04 | Analyze Mobile Apps |
| Module 05 | Apply Offensive Tools |
| Module 06 | Produce Security Reports |
| Module 07 | Mobile Architecture & Threat Model |
| Module 08 | Android Architecture |
| Module 09 | Shared Threat Surface |
| Module 10 | Environment Setup & Lab Configuration |
| Module 11 | Android Lab |
| Module 12 | Proxy & Network |
| Module 13 | Analysis Workstation |
| Module 14 | Improper Credential Usage |
All hands-on labs run on Rocheston Rose X OS. Students practice mobile application security assessment by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for 1007 mobile application security assessment
- Lab 2: Execute hands-on tasks for pen testing
- Lab 3: Explain Course Overview & Learning Objectives fundamentals
- Lab 4: Execute hands-on tasks for analyze mobile apps
- Lab 5: Execute hands-on tasks for apply offensive tools
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Mobile Application Security Assessment, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI