Mobile App Device Security and Penetration Testing Training for Android and iPhones

Learn to hack mobile devices, find vulnerabilities and protect them


About this course

Learn more on how to protect your mobile apps in this training course.



What is the course about

In this course you will learn how to find mobile device vulnerabilities and exploit them. You will learn how to set up a mobile penetration testing and forensics environment for Android and iOS mobile devices. You will learn how to extract and recover data from Android and iOS devices. You will get accustomed to using a wide array of tools for the different tasks involved in exploiting the device. The course is based on the OWASP Top 10 Mobile Risks for both Android and iOS. You will use the risks to profile the applications and also secure them.

Duration

The course is 5 days full time.

Programming Experience

No programming experience is required, but to create your own scripts and also create malware, programming in Python, or Ruby and Java, is required. You can take the course without a programming background, but you will not be able to perform advanced techniques or do code analysis and debugging.

Technical Skill

Programming and computer security skills are required. This course is suitable for security specialists and programmers. You will need to be either proficient in developing iOS or Android mobile apps or be in the security field to benefit from this course. The course is highly hands-on with minimal theory. You will need a good grasp of the command line, as we will primarily use Linux and Mac OS X. A MacBook is required for working on iOS apps.

Private Training

The course is only offered privately to a group, team or company. We can schedule the course on your premises or our premises. A minimum of 4 delegates is required to schedule the course. The course price is R12 599 on your premises and R17 500 on our premises. There is no fixed date to run the course; we will work with you to find a date that meets your needs. The course can also be customized to fit your team's requirements.

Benefits to You

By the end of the course you will have a solid understanding of the myriad attack vectors on mobile platforms, and you will know how to perform assessments and provide informed decisions to management, clients and developers.

Course Schedule

Download the full course schedule below

Mobile App Ecosystem Overview

Android
iPhone
Other mobile platforms

Network - Interception of data over the air
Hardware - Baseband layer attacks
OS - Defects in kernel code or vendor supplied system
Application - Apps with vulnerabilities and malicious code have access to your data and device sensors

Installing and configuring the Android SDK and platform tools
Setting Up Android Emulators
Enabling USB Debugging on Your Android Phone

Android History
Android Components
Activities
Services
System Services
Content Providers
Broadcast Receiver
AndroidManifest File
Android Permission System

Android Security Model & Linux Kernel
Android File System
Android File Hierarchy
App Sandboxing
Secure Inter-Process Communication
Application Signing
App Permissions

Android Forensic Security Tools

Cellebrite
MOBILedit
Autopsy
apktool
dex2jar
JD-GUI

Imaging an Android Phone
Data Extraction Techniques
Data Recovery

M2 Insecure Data Storage
Shared Preferences
SQLite Databases

M3 Insufficient Transport Layer Protection
Introduction and HTTP traffic interception
Intercepting HTTPS traffic
Passive analysis with tcpdump & Wireshark

M4 Unintended Data Leakage
Reading the clipboard
Logging

M5 Poor Authorization and Authentication

M6 Broken Cryptography

M7 Client Side Attack
SQL Injection at Client Side
Frame injection in WebViews

M8 Security Decisions via untrusted inputs
Intent Spoofing

M9 Improper Session Handling

M10 Lack of Binary Protection
Reversing Android apps with APKTOOL
Reversing Android apps with dex2jar & JD-GUI
Finding Content Provider URIs using APKTOOL

Installing and configuring Xcode for iOS Development
Setting up iOS Simulator
Deploying iOS apps to the device

ElcomSoft iOS Forensic Toolkit
Oxygen Forensic Suite
Prawn iRecovery Stick
iFunBox
iExplorer
iBackupBot
Cycript
Snoop-IT

Hacking iOS

Understanding the Architecture
Understanding the Device
Application Security
Jailbreaking

iPhone models
iPhone hardware
iPad models
iPad Hardware
File system
The HFS File System
Disk Layout
iPhone Operating System

Physical acquisition
iTunes backup
iCloud backup
Acquisition via jailbreaking

Timestamps
SQLite Databases
Property Lists
Recovering Deleted Records

iOS App Directory Structure
SQLite Data
plist files
NSUserDefaults
Core Data
KeyChain Access

Penetration Testing iOS Apps - Unintended Data Leakage

Logging
App Backgrounding
Keyboard Cache

Intercepting HTTP Traffic
Intercepting HTTPS Traffic
Monitoring network traffic (TCP/IP)
Runtime Analysis
Dumping class information of preinstalled apps
Dumping class information of apps installed from App Store
Cycript Basics

Accessing and modifying variables using Cycript
Exploiting authentication using Cycript
Method Swizzling using Cycript
Bypassing Jailbreak detection using Cycript
Method Swizzling using Snoop-it
App Monitoring using Snoop-it
Runtime analysis with GDB
Runtime analysis with Snoop-it

Mobile Malware

iOS Malware
More iOS Malware
Android Malware

Cydia Default password exploitation with Metasploit
Cracking OpenSSH passwords using Hydra
Metasploit bind shell on iDevices
Metasploit Reverse shell on iDevices

Download Course Outline
Course Pricing

Choose your training options. Attend a public or private training.

Public Training
R19250
  • Training at our center
  • Small class size
  • 5 days instructor led
  • Access to Slack channel
  • Access to materials website
  • 6 months after training support
  • Teamviewer, email and telephone support
  • Personalized feedback
  • Light lunches
Private Training - Onsite
R15500
  • Training on your site
  • Choose as many delegates as you want
  • 5 days instructor led
  • Access to Slack channel
  • Access to materials website
  • 6 months after training support
  • Teamviewer, email and telephone support
  • Personalized feedback
  • Customized course content
  • You provide the lunches

What people say about our courses

This is what our clients have to say

After attending the Xamarin training from Peruzal on our site, we were able to drastically accelerate our internal mobile app development efforts. Peruzal was a phone call away each time we needed support.
Jonathan Winnaar Scientist @ Institute for Maritime Technology
Came across your courses on Google search, after searching for Ruby training around South Africa. We were completely blown away with how much your trainers know stuff.
Divan Santan Infrastructure Engineer @ First National Bank
After our DBA left, we were left with no one with the skills to manage the research and scientific database infrastructure. With Peruzal, we were able to get our team running in a matter of a week.
Encarni Colmenero Astronomer @ Southern African Large Telescope
Our team had different backgrounds, application programmers and astronomers with varied database interactions, we did not have formal training in the MySQL database. Peruzal delivered the training onsite and we were comfortable working with MySQL.
Lucian Botha Astronomy Information System Specialist @ South African Astronomical Observatory
“Coming from an academic background, with no prior exposure to programming, I had to develop an Android mobile app for tuition and research purposes. Peruzal helped me to build and implement the app in record time!”
Thuli Shandu Lecturer @ University of South Africa
Having years of experience in automation and embedded systems, we wanted our team to have experience in developing for Android. Peruzal did send a trainer onsite and we were blown away with the amount of information we had learnt in just 5 days.
Cobus Smith Automation Manager @ ArcelorMittal
FAQs

Answers to some of the most frequently asked questions.



Public Training
What is public training

With public training you attend the course with other delegates from other companies at our premises. If you would like private training we can arrange that the training be done at your premises, however, we require a minimum of 4 delegates for a private course.

What is private training

The training runs at your premises or you can come to us. We require a minimum of 4 delegates for a private training.

Refund Policy

Should you not be happy with the training, this should be raised within the first hour of training. We will try to resolve the issue and, if we can't, we will refund 100% of your money.

Cancelling Training

You cannot cancel the course once you have booked. Please make sure that you have resolved your dates before making a booking. It takes a long time to organise the training, so we will not be able to refund you once you book; however, we can try to reschedule the course at a later date for you.

Course Pricing
How much does the course cost?

The course price depends on whether the course will be on your site (private training) or at our offices (public). For a private course we require a minimum of 4 delegates in order to schedule the course.

How long does it take to complete the course

Most of our courses are offered over 5 days full time, except for the Xamarin Cross Platform Mobile App Development course, which is offered over 2 weeks. No part-time courses are offered at the moment.

Accommodation

We don't provide accommodation, but we can help you find accommodation close to the center. We can also help you with arranging transport to pick you up from the airport.

Our preferred accommodation provider is Airbnb. If it's your first time, we recommend that you only book from a Superhost on Airbnb.

Certificate of Completion

Our mobile app development courses are hands-on. To receive a certificate of completion, you will need to demonstrate that you have mastered the concepts during the course by developing a production mobile application and deploying it to the Google Play or Apple store. No certificates of completion will be awarded without proof that you have developed and deployed your app to the relevant store.