Security audit of Android and iOS mobile applications

At the end of this module, students will be able to identify the vulnerabilities in the OWASP Top10 Mobile list, carry out their own attacks to recover sensitive information stored by Android or iOS applications, and modify the behavior of these applications to counter simple security functions (PIN locking, jailbreak detection, encryption of communications, etc.).

The aim of this module is to pass on security assessment methods for Android and iOS applications, as well as recommendations for countering or at least slowing down these attacks. It is based on the OWASP (Open Web Application Security Project) MSTG (Mobile Security Testing Guide) methodology and our own professional experience. The necessary basics (architecture and components, test environment, tools) will be explained, followed by practical exercises to better understand the techniques.