The course aims to introduce the main security mechanisms of mobile operating systems and applications and present the core techniques, methodologies and tools for the vulnerability assessment and penetration testing of Android and iOS applications. The course involves both lectures and practical sessions for students.
Learning Outcomes:
- Acquire knowledge of the main security mechanisms of mobile operating systems and applications;
- Know the most important vulnerability classes for mobile applications;
- Understand the methodologies and techniques to perform vulnerability assessment and penetration testing activities on mobile applications;
- Perform security assessment activities on Android and iOS applications and prepare security reports;
- Mobile Programming
- Foundations of Cyber Security
- Foundations of object-oriented programming, operating systems, and databases
Lectures plus individual hands-on activities during the course. Working students and students with certified SLD (Specific Learning Disorders), disability or other special educational needs are advised to contact the teacher at the beginning of the course to agree on teaching and examination arrangements so as to take into account individual learning patterns, while respecting the teaching objectives.
Security Model of Mobile OSes (Android, iOS)
Anatomy of Android and iOS Apps
Security of Android apps
Security of iOS Apps
Vulnerability Assessment (VA) and Penetration Testing (PT) Methodologies
Reverse Engineering of Mobile Apps
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Lab: VA/PT of Mobile Apps (lab)
The teacher provides slides and exercises (in English) during the course.
Office hours: You can request a meeting by sending an e-mail to luca.verderame@unige.it
LUCA VERDERAME (President)
ENRICO RUSSO
ALESSANDRO ARMANDO (President Substitute)
https://corsi.unige.it/en/corsi/11160/studenti-orario
Project: execution of a vulnerability assessment and penetration testing activity of a set of applications for Android and iOS to be agreed together with the teacher. At the end of the activity, the student must present a report with a discussion of the activities carried out and the details of the identified vulnerabilities.
Pitch of the results of the project and oral discussion. The final evaluation will take into account:
- class attendance;
- the knowledge of the course contents tested with the project;
- the problem-solving skills tested with the project;
- the communication skills tested during the oral presentation.