Performing a penetration test against a mobile application before releasing it to the public is becoming more and more necessary to protect users' privacy. Compared to classic web applications, there are very few relevant courses that can be bought to learn and practice this kind of penetration test. To fill this gap, the SANS organization offers a course called SEC575. So, is the SEC575 certification worth it?
SEC575 is the most complete course on mobile application penetration testing. It covers the most important techniques used to perform both mobile application and mobile operating system penetration tests. What makes the course even better is that it covers both iOS and Android.
In this blog post, we discuss in detail what makes this certification the best choice for this penetration testing discipline, and what might make you think twice before going after it.
The best thing about the SEC575 course is that it starts by teaching the Android and iOS operating systems. Android is the easier of the two: it is based on Linux, and its file system and most of its tools are familiar even to a beginner. iOS is quite different, with an entirely different architecture and set of concepts. What makes iOS even harder for a penetration tester is that working with it requires a significant investment in hardware.
Moreover, iOS is a closed-source operating system, so finding resources that explain its internals is not easy.
However, more and more companies build mobile applications for both Android and iOS. The reason is simple: iOS has a large user base that turns into paying customers more readily than Android's.
Therefore, knowing the internals of both Android and iOS helps the penetration tester deploy and debug the audited application on either system.
Once you are familiar with deploying apps, jailbreaking iOS, and manipulating and communicating with the system itself, the next step in the SEC575 course is to master the static analysis of mobile apps. Static analysis consists of several techniques, such as:
In real-life mobile application penetration testing, during static analysis of the application's source code, it is common to run into obfuscated code. Source code obfuscation is becoming more popular among developers because it makes reverse engineering mobile apps harder. Therefore, mastering deobfuscation will help you speed up the process.
I personally like this course more than any other mobile application penetration testing course because it covers the most popular mobile app build technologies, from Unity to PhoneGap to Flutter and React Native, which is what most applications are built on.
It is true that this step is the most difficult one in the mobile application penetration testing process, as it requires multiple skills, including programming. However, it is necessary and may reveal very interesting information, such as secret passwords that can be used in the next step to easily penetrate the app itself or even the backend.
You can see this step as an information-gathering phase that reduces the work required later. The more time you spend on it, the easier the next steps of the process become.
Here is where the fun starts: most of the previous steps can be seen as information collection and preparation for this phase. In this part of the certification, you learn how to manipulate the audited application and how to intercept its communication with its backend.
The idea is to use a proxy to intercept the requests, and to learn how to use instrumentation tools like Frida to bypass SSL pinning so that even HTTPS requests can be intercepted.
In most cases, this is the level at which the most important vulnerabilities are discovered. Therefore, a good methodology for testing the app is required, and this is exactly what you will also find in this part of the course.
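The two phases described above, static review of the unpacked app for hard-coded secrets and a check of the settings that decide whether HTTPS traffic can be intercepted at all, can be turned into a small audit script. The following is an added example and is not code from the original post or from the SEC575 course; it assumes the app has already been unpacked so that its source and its Android network security configuration are available as text, and the Java snippet, the two XML configurations and the regex patterns are constructed samples, not material from any real application.

```python
"""Hypothetical static-analysis helper for an unpacked Android app.

Added example (not from the original post or the SEC575 course). It models
two checks a tester performs during the static phase:
  1. flag hard-coded secrets in decompiled source / string resources,
  2. flag network security settings that weaken TLS protection, which is
     what decides whether a proxy can see the app's HTTPS traffic.
All inputs are constructed samples.
"""
import re
import xml.etree.ElementTree as ET

# Common shapes of hard-coded credentials (constructed list, not exhaustive).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "generic_api_key": re.compile(
        r"(?i)\b(api[_-]?key|secret|password)\b\s*[=:]\s*[\"']([^\"']{8,})[\"']"),
    "basic_auth_url": re.compile(r"https?://[^/\s:]+:[^@\s]+@"),
}


def find_hardcoded_secrets(source_text: str) -> list:
    """Return (line_no, kind, matched_text) for every suspicious line."""
    hits = []
    for n, line in enumerate(source_text.splitlines(), 1):
        for kind, pat in SECRET_PATTERNS.items():
            m = pat.search(line)
            if m:
                hits.append((n, kind, m.group(0)))
    return hits


def audit_network_security_config(xml_text: str) -> list:
    """Return (element, finding) pairs for settings that weaken TLS.

    Checks the real Android network_security_config elements:
    cleartextTrafficPermitted, <certificates src="user"/> and <pin-set>.
    Cleartext is flagged only when explicitly enabled.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for cfg in root.iter():
        if cfg.tag not in ("base-config", "domain-config", "debug-overrides"):
            continue
        if cfg.get("cleartextTrafficPermitted", "false").lower() == "true":
            findings.append((cfg.tag, "cleartext traffic permitted"))
        for cert in cfg.iter("certificates"):
            if cert.get("src") == "user":
                # User-installed CAs trusted: a proxy CA added on the device
                # is enough to intercept HTTPS, no pinning bypass needed.
                findings.append((cfg.tag, "user-installed CAs trusted"))
        if cfg.tag == "domain-config" and cfg.find("pin-set") is None:
            findings.append((cfg.tag, "no certificate pin-set"))
    return findings


# Constructed decompiled source; the key values are placeholders.
SAMPLE_SOURCE = """\
package com.example.app;
public class Config {
    static final String API_KEY = "sk_test_constructed_0123456789";
    static final String BACKUP_URL = "https://admin:Passw0rd!@backup.example.com/";
    static final String AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
}
"""

# Constructed weak configuration: cleartext on, user CAs trusted, no pins.
SAMPLE_WEAK_NSC = """\
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
    </domain-config>
</network-security-config>
"""

# Constructed hardened configuration; pin digests are placeholders.
SAMPLE_HARDENED_NSC = """\
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set expiration="2030-01-01">
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
"""

if __name__ == "__main__":
    for hit in find_hardcoded_secrets(SAMPLE_SOURCE):
        print("secret:", hit)
    print("weak config:", audit_network_security_config(SAMPLE_WEAK_NSC))
    print("hardened config:", audit_network_security_config(SAMPLE_HARDENED_NSC))
```

Running the script reports three secrets in the sample source, three findings for the weak configuration and none for the hardened one. The hardened configuration is what the tester expects to encounter when the proxy alone no longer shows HTTPS traffic, which is the point at which the instrumentation techniques taught in the dynamic part of the course become necessary.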
A penetration test against a specific mobile application is not always what clients ask for. In some cases, you may be asked to perform a penetration test against the mobile device itself. Unfortunately, this skill is rare, as there are few resources about it. To fill this gap, SEC575 dedicates a whole section to the skills required to perform such tests.
To the best of my knowledge, this certification is the most up-to-date course you can find on mobile application penetration testing. As you saw in the previous section, all the techniques presented there are used by the most experienced penetration testers, and you will still need them for at least the next 5 years. The techniques will remain the same as long as Android and iOS keep the same architecture; the tools, however, may change with future Android and iOS updates.
The certification for this course is called GIAC Mobile Device Security Analyst. As usual for SANS certifications, the exam is multiple-choice (QCM). It is proctored, with 75 questions to be answered in 2 hours and a passing score of at least 71%.
SEC575 is one of the best courses in mobile application penetration testing; however, it also has some disadvantages that should be taken into consideration:
| Pros | Cons |
| --- | --- |
| Teaches both iOS and Android app pentesting | Very expensive course |
| A technical course | Unless you take the online mode, the course timeline is very short |
| Also covers mobile device penetration tests | The certification exam is multiple-choice (QCM) |
| Very well-known author and teacher | |
All SANS certifications are a plus on your CV, and some expert-focused job offers may require this certification. Even where a job post does not require it, recruiters take it into consideration during the recruitment process, and it may allow you to go directly to the technical check. Here are some job posts for this certification:
You may also want to consider the following certifications:
Written by: Z. Oualid
I am a Cyber Security Expert; I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE, which are the most recognized and hardest technical certifications in the cybersecurity industry. I am also a Certified Ethical Hacker (CEH). I hope you enjoy my articles :).