The course aims to introduce the main security mechanisms of mobile operating systems and applications and present the core techniques, methodologies and tools for the vulnerability assessment and penetration testing of Android and iOS applications. The course involves both lectures and practical sessions for students.
Learning Outcomes:
- Acquire the main security mechanisms of mobile operating systems and applications;
- Know the most important vulnerability classes for mobile applications;
- Understand the methodologies and techniques to perform vulnerability assessment and penetration testing activities on mobile applications;
- Perform security assessment activities on Android and iOS applications and prepare security reports;
- Mobile Programming
- Foundations of Cyber Security
- Foundations of object-oriented programming, operating systems, and databases
Lectures plus individual hands-on sessions during the course.
Security Model of Mobile OSes (Android, iOS)
Anatomy of Android and iOS Apps
Security of Android and iOS Apps
Vulnerability Assessment (VA) and Penetration Testing (PT) Methodologies
Reverse Engineering of Mobile Apps
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Lab: VA/PT of Mobile Apps
The teacher provides slides and exercises (in English) during the course.
Office hours: You can request a meeting by sending an e-mail to luca.verderame@unige.it
LUCA VERDERAME (President)
ENRICO RUSSO
ALESSANDRO ARMANDO (President Substitute)
https://corsi.unige.it/en/corsi/11160/studenti-orario
Project: execution of a vulnerability assessment and penetration testing activity of a set of applications for Android and iOS to be agreed together with the teacher. At the end of the activity, the student must present a report with a discussion of the activities carried out and the details of the identified vulnerabilities.
Students with certification of Specific Learning Disabilities (SLD), disabilities, or other special educational needs must contact the instructor at the beginning of the course to agree on teaching and examination methods that, while respecting the course objectives, take into account individual learning styles and provide appropriate compensatory tools. Please note that the request for compensatory/dispensatory measures for exams must be sent to the course instructor, the School representative, and the “Settore servizi per l'inclusione degli studenti con disabilità e con DSA” office (dsa@unige.it) at least 10 working days before the test, as per the guidelines available at the link: https://unige.it/disabilita-dsa
Pitch of the results of the project and oral discussion. The final evaluation will take into account:
- class attendance;
- the knowledge of the course contents tested with the project;
- the problem-solving skills tested with the project;
- the communication skills tested during the oral presentation.