Two days hands-on workshop on: Mobile Security

Computer Society of India Mumbai Chapter
7th & 8th March 2014, 9:30 am to 5:30pm, Mumbai
With most of our digital lives now revolving around the use of smartphones and tablets, mobile security has become a major security concern. This course will look in depth into all aspects of mobile security. Beginning with risk assessment of mobile applications, we will examine the various dangers and threats which put our consumer and data privacy at risk. We cover real-world examples of security breaches, either of the smartphone security framework or by 3rd party applications. Concepts of rooting/jailbreaking will be covered to show how 3rd party apps can be installed on the device. The training also covers in detail the various security frameworks across different mobile platforms like Apple, Android & Blackberry, with an understanding of common threats and best security practices. Secure mobile application design strategies will be put forward to encourage programmers and developers to write secure code in their application(s) for making robust and hardened apps. This will ensure the highest levels of security measures in the apps and subsequently peace of mind for the clients.
Course Contents
Day 1:
Session One – Introduction & Case Studies
Module 1: Introduction to Mobile Security
Module 2: Mobile Security Hacking – Case Study
Module 3: OWASP Top 10 Mobile Issues
Module 4: Jail-breaking & Rooting Concepts/Issues
Module 5: Security frameworks in different mobile platforms – Android, iPhone, Blackberry
Module 6: Understanding possible threats
Module 7: Factors that determine the best security solution
Password Lockout
On-device and On-the-air data protection
Data fading
Session Two – Secured Development Strategies
Module 8: Secure Programming Practices
Module 9: Input/output Sanitization
Module 10: Secure communication protocols
Module 11: Access control
Module 12: Leverage OS permission model
Module 13: Use effective quality assurance techniques
Module 14: Application signing
Day 2:
Session Three – Mobile Device Management (MDM)
Module 15: Trends & Challenges
Module 16: Building MDM strategy
Module 17: Specific elements of MDM
Module 18: Vendor assessment
Session Four – Mobile Security Risk Assessment
Module 19: Risk – Vulnerability – Threats
Module 20: Factors of Risk
Module 21: Steps of performing mobile risk assessment
Module 22: Rating information sensitivity worksheet
Module 23: Inherent vulnerabilities in mobile environment
Module 23: Threats for operational environment
Module 24: Mitigation actions of mobile security risks
Module 25: Security policy strategies for mobile environment
Module 25: Handy checklist for mobile security
Who Should Attend
This course is aimed at Security Enthusiasts, IT professionals, and Mobile Application Developers seeking to understand typical mobile application security issues in detail.
Facilitator / Faculty Profile
Sanoop Thomas currently serves as a Head Security Trainer, Vulnerability Assessor, and Pen Test & Forensics Expert. His work mainly focuses on conducting Security Training, Vulnerability Assessment and Penetration Testing for premier clients. He has consistently impressed clients with his ability to think out of the box, and creatively attack systems and applications. He is well‐versed with the OWASP, WASC, OSSTMM, ISO 27001:2005 and PCI Standards. He was a speaker at Null Mumbai Chapter, OWASP India 2013 Conference, and many more.
His technical abilities span a very wide range of technologies across networks, operating systems, databases, web servers, and applications; however, his specialization is Application Security, Reverse Engineering & Malware Analysis, Wireless Security and more Research and Developments.
He has experience on many significant projects which include Disc Based Forensics, Intrusion Analysis, Application Security Assessments, Malware Analysis, Mobile Security Testing, Network Auditing, Wireless Penetration Testing etc.
Educational Qualification
Master of Computer Application, Anna University, Tamilnadu, India
Bachelors of Computer Science, Calicut University, Kerala, India
Sun Certified Java Programmer (SCJP)
Offensive Security Wireless Professional (OSWP)
ISO 27001:2005 LA
Detailed Experience & Expertise
Application Security
Well versed with OWASP – Top Ten and WASC Threat Classifications
Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
Network Security
Good knowledge of TCP/IP fundamentals
Expertise in security for Operating Systems, Databases, and Web Servers
Expertise in security for VoIP technology
Wireless Security
Cracking WEP, WPA, WPA2 encryption
Penetrating WPS
Hotspot Attack on open WiFi Networks
War Driving
Mobile Device & Application Security
Device Security Testing
Application Testing
Permission Auditing
Cloud Security
Cloud Security Alliance
OWASP Top 10 Cloud Security Risks
Disk Imaging & Analysis with Encase
Forensics with Open source Tools
Network Forensics & Log Analysis
Email Address Tracking
File Recovery
Memory Forensics
Malware Analysis
Penetration Testing 2.0
Social Engineering Attacks
Client-side Attacks
Business Logic Tests
Binary Auditing
Reverse Engineering Windows Binary
Reverse Engineering Linux Executable
Reversing Mobile Applications
Virtual Machine Detection & Analysis
Reversing Algorithm
Technical Skills
Sanoop has been exposed to a variety of different applications and network environments which have helped him enhance his understanding and technical skills.
Assessment Tools: Nmap, Tenable Nessus, Metasploit, BurpSuite, Wireshark, NetCat, Aircrack‐ng suite, Cain & Abel, tcpdump, Ettercap, PWDump, Brutus, JTR, Hydra, OphCrack, Wikto, tnscmd, OSScanner, IkeScan, IkeProbe, WinDbg, Ollydbg, IDA, PE Tools.
Programming Languages: C, C++, HTML, JAVA, Bash Scripting, SQL, PHP, LUA, Python.
Interpersonal Skills
Being a public speaker and trainer, Sanoop has good communication skills by virtue of making several presentations and trainings on topics including, but not limited to, Social Engineering, Metasploit, Mobile Security, Wireless Hacking etc.
Very strong commitment to quality of deliverables.
Trainings conducted
Certified Professional Hacker (CPH)
Certified Professional Forensic Analyst (CPFA)
Certified Web Application Security Professional (CWASP)
Security Audit (Network, Wireless, Operating System & Databases)
Certified Information Security Consultant (CISC)
Trainings with Defense Research & Development Organization (DRDO) of India
Digital Forensics, Reverse Engineering, Malware Analysis
Trainings with Computer Society of India
Application Security, Database Security, Cloud Computing & Security, Operating System Security, Network Security, Mobile Security, Computer Crimes & Digital Forensics
Registration Fees
Terms & Conditions
CSI Members Rs 14,850 /- Per Participant
Non CSI Member Rs 19,101/- Per Participant
Group discount is available for a minimum of 5 registrations
– All payment should be made in the name of “CSI Mumbai Chapter” Payable at Mumbai.
– The mentioned fees are inclusive of all taxes and charges.
– Registration fees covers courseware, lunch, Tea/Coffee and CSI Certificate.
– Non CSI Member can avail discount in fees by becoming member of the society for details visit :
Payment is to be made in favour of ‘CSI Mumbai Chapter’, A/c No. 054401002573 payable at ICICI Bank, MIDC, Andheri East, Branch, Mumbai-400093, RTGS/NEFT Code: ICIC0000544. (All Major VISA / Master Credit / Debit cards will be accepted)
Venue & For Registration Contact
Harshavardhan Mane
CSI Mumbai Chapter,
Unit no 3, 4th floor, Samruddhi Venture,
MIDC, Andheri East, Mumbai – 400093.
Tel : 022 28235476 / 28235548, Mobile : 9819089527, 9664926800, Fax: 022 28235546
Email: /
Website :
Participation only through advance registration, (Batch size : 20 participants only)
Note – Outstation participants need to confirm at least 2 days prior to the commencement of the training
This mail is not spam mail and is a genuine communication from Computer Society of India (CSI) Mumbai Chapter to its members and other IT Professionals to inform them about the forthcoming event. If you feel that this mail should not have been sent to you or you want similar communication to be sent to your different e-mail address, please reply to this mail and specify it in the message.

