Computer Society of India Mumbai Chapter
Two days hands-on workshop on:
7th & 8th March 2014, 9:30 am to 5:30 pm, Mumbai
With most of our digital lives now revolving around the use of smartphones and tablets, mobile security has become a major security concern. This course will look in depth at all aspects of mobile security. Beginning with risk assessment of mobile applications, we will examine the various dangers and threats which put our consumer and data privacy at risk. We cover real-world examples of security breaches, either of the smartphone security framework or by 3rd party applications. Concepts of rooting/jailbreaking will be covered to show how 3rd party apps can be installed on the device. The training also covers in detail the various security frameworks across different mobile platforms like Apple, Android & Blackberry, with an understanding of common threats and best security practices. Secure mobile application design strategies will be put forward to encourage programmers and developers to write secure code in their application(s) for making robust and hardened apps. This will ensure the highest levels of security measures in the apps and subsequently peace of mind for the clients.
Session One – Introduction & Case Studies
Module 1: Introduction to Mobile Security
Module 2: Mobile Security Hacking – Case Study
Module 3: OWASP Top 10 Mobile Issues
Module 4: Jail-breaking & Rooting Concepts/Issues
Module 5: Security frameworks in different mobile platforms – Android, iPhone, Blackberry
Module 6: Understanding possible threats
Module 7: Factors that determine the best security solution
On-device and On-the-air data protection
Session Two – Secured Development Strategies
Module 8: Secure Programming Practices
Module 9: Input/output Sanitization
Module 10: Secure communication protocols
Module 11: Access control
Module 12: Leverage OS permission model
Module 13: Use effective quality assurance techniques
Module 14: Application signing
Session Three – Mobile Device Management (MDM)
Module 15: Trends & Challenges
Module 16: Building MDM strategy
Module 17: Specific elements of MDM
Module 18: Vendor assessment
Session Four – Mobile Security Risk Assessment
Module 19: Risk – Vulnerability – Threats
Module 20: Factors of Risk
Module 21: Steps of performing mobile risk assessment
Module 22: Rating information sensitivity worksheet
Module 23: Inherent vulnerabilities in mobile environment
Module 23: Threats for operational environment
Module 24: Mitigation actions of mobile security risks
Module 25: Security policy strategies for mobile environment
Module 25: Handy checklist for mobile security
Who Should Attend
This course is aimed at Security Enthusiasts, IT professionals, and Mobile Application Developers seeking to understand typical mobile application security issues in detail.
Facilitator / Faculty Profile
Sanoop Thomas currently serves as a Head Security Trainer, Vulnerability Assessor, and Pen Test & Forensics Expert. His work mainly focuses on conducting Security Training, Vulnerability Assessment and Penetration Testing for premier clients. He has consistently impressed clients with his ability to think out of the box, and creatively attack systems and applications. He is well‐versed with the OWASP, WASC, OSSTMM, ISO 27001:2005 and PCI Standards. He was a speaker at Null Mumbai Chapter, OWASP India 2013 Conference, and many more.
His technical abilities span a very wide range of technologies across networks, operating systems, databases, web servers, and applications; however, his specialization is Application Security, Reverse Engineering & Malware Analysis, Wireless Security, and Research and Development.
He has experience on many significant projects, which include Disc Based Forensics, Intrusion Analysis, Application Security Assessments, Malware Analysis, Mobile Security Testing, Network Auditing, Wireless Penetration Testing etc.
Master of Computer Application, Anna University, Tamilnadu, India
Bachelors of Computer Science, Calicut University, Kerala, India
Sun Certified Java Programmer (SCJP)
Offensive Security Wireless Professional (OSWP)
ISO 27001:2005 LA
Detailed Experience & Expertise
Well versed with OWASP – Top Ten and WASC Threat Classifications
Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
Good knowledge of TCP/IP fundamentals
Expertise in security for Operating Systems, Databases, and Web Servers
Expertise in security for VoIP technology
Cracking WEP, WPA, WPA2 encryption
Hotspot Attack on open WiFi Networks
Mobile Device & Application Security
Device Security Testing
Cloud Security Alliance
OWASP Top 10 Cloud Security Risks
Disk Imaging & Analysis with Encase
Forensics with Open source Tools
Network Forensics & Log Analysis
Email Address Tracking
Penetration Testing 2.0
Social Engineering Attacks
Business Logic Tests
Reverse Engineering Windows Binary
Reverse Engineering Linux Executable
Reversing Mobile Applications
Virtual Machine Detection & Analysis
Sanoop has been exposed to a variety of different applications and network environments which have helped him enhance his understanding and technical skills.
Assessment Tools: Nmap, Tenable Nessus, Metasploit, BurpSuite, Wireshark, NetCat, Aircrack‐ng suite, Cain & Abel, tcpdump, Ettercap, PWDump, Brutus, JTR, Hydra, OphCrack, Wikto, tnscmd, OSScanner, IkeScan, IkeProbe, WinDbg, Ollydbg, IDA, PE Tools.
Programming Languages: C, C++, HTML, JAVA, Bash Scripting, SQL, PHP, LUA, Python.
Being a public speaker and trainer, Sanoop has good communication skills by virtue of making several presentations and trainings on topics including, but not limited to, Social Engineering, Metasploit, Mobile Security, Wireless Hacking etc.
Very strong commitment to quality of deliverables.
Certified Professional Hacker (CPH)
Certified Professional Forensic Analyst (CPFA)
Certified Web Application Security Professional (CWASP)
Security Audit (Network, Wireless, Operating System & Databases)
Certified Information Security Consultant (CISC)
Trainings with Defense Research & Development Organization (DRDO) of India
Digital Forensics, Reverse Engineering, Malware Analysis
Trainings with Computer Society of India
Application Security, Database Security, Cloud Computing & Security, Operating System Security, Network Security, Mobile Security, Computer Crimes & Digital Forensics
Terms & Conditions
CSI Members Rs 14,850 /- Per Participant
Non CSI Member Rs 19,101/- Per Participant
– All payment should be made in the name of “CSI Mumbai Chapter” Payable at Mumbai.
– The mentioned fees are inclusive of all taxes and charges.
– Registration fee covers courseware, lunch, tea/coffee and CSI Certificate.
– Group discount is available for a minimum of 5 registrations.
– Non CSI Members can avail a discount in fees by becoming a member of the society. For details visit: http://www.csi-india.org
Payment is to be made in favour of ‘CSI Mumbai Chapter’, A/c No. 054401002573, payable at ICICI Bank, MIDC, Andheri East Branch, Mumbai-400093, RTGS/NEFT Code: ICIC0000544. (All major VISA / Master credit / debit cards will be accepted.)
Venue & For Registration Contact
CSI Mumbai Chapter,
Unit no 3, 4th floor, Samruddhi Venture,
MIDC, Andheri East, Mumbai – 400093.
Tel : 022 28235476 / 28235548, Mobile : 9819089527, 9664926800, Fax: 022 28235546
Email: firstname.lastname@example.org / email@example.com
Website : http://www.csimumbai.org
Participation only through advance registration, (Batch size : 20 participants only)
Note – Outstation participants need to confirm at least 2 days prior to the commencement of the training.