Recommendations & Review of eMAPT
Hi everyone!
As the title suggests, this article covers my review of the eMAPT certification process and my recommendations based on my own preparation. You can be sure that you will be certified when you follow the advice I give in the rest of the article. Before going into details, there is a point I want to make: the main reason I am writing about this certification process is that there are not “enough” resources on the internet regarding this certificate. Therefore, before getting into the details, I would like to thank the people who led the way by writing a review of this certificate.
Review
You can obtain the eMAPT certificate in two ways: by taking the certification exam without training (with just a voucher code) or by taking the exam after completing the training. If you have a certain level of experience in mobile application security and have actively performed penetration tests on mobile applications, I think you can succeed by taking the certification exam directly without training (just by taking the voucher code). However, if you do not have sufficient knowledge in this field, or if you know the subjects partially in theory but have never applied them, I recommend that you get the training and prepare for the certification exam, because the documents are both instructive and aim to prepare you directly for the certification exam. If you pay attention, you will notice that this training teaches you how to fish and also gives you fish at some points.👻
About the eMAPT process in general: I think the documents it provides are of high quality and efficient. One thing you need to know: you do not connect to a remote live lab environment. When you access the lab environment, you can download the .apk files, documents, and videos to practice with.
The last piece of information I will convey within the scope of the review: after applying for the certification process, you must take the exam within six months. To sit this certification exam, I think one month spent working in a planned and regular manner will be sufficient.
Preparation
Roadmap
- As I mentioned above, if you have experience in mobile application security and mobile penetration testing, it will be sufficient to know only basic Android application development.
- As I mentioned above, if you do not have enough knowledge and experience in this field, I strongly recommend that you get training. You can complete your process in the most efficient way by reading the documents, getting support from the videos where necessary, and doing exercises. These will really be enough for you to get the certificate.
- If you want to obtain the certificate by preparing on your own (without training, just by taking the voucher code), or if you want to improve yourself in mobile application security and mobile penetration testing, you can use the resources I provide below under the heading “Useful Resources”.
- In addition, I have great news! In 2022 (the last update 👩🏻‍💻), I will share a series of 8 articles on “Android Application Security”, including this certification preparation process. I believe this will be very beneficial for those preparing for this certificate.🥂
Useful Resources
Under this heading you will find resources with detailed information about mobile application security, vulnerable applications on which you can practice the techniques you learned for eMAPT and more, and cheat sheets prepared for this area. I hope you find them useful too.
- https://mobile-security.gitbook.io/mobile-security-testing-guide/
- https://appsecwiki.com/#/mobilesecurity
- https://github.com/OWASP/owasp-mstg/
- https://pentester.land/cheatsheets/2018/10/12/list-of-Intentionally-vulnerable-android-apps.html
- https://github.com/xtiankisutsa/awesome-mobile-CTF
- https://mobexler.com/checklist.htm
- https://github.com/b-mueller/android_app_security_checklist
- https://www.mindmeister.com/1713501700?t=Rv9UQ7aC2t
- https://github.com/tjunxiang92/Android-Vulnerabilities
- https://www.raywenderlich.com/778533-encryption-tutorial-for-android-getting-started
Exam
Details
First of all, I want to give brief information about the exam process:
- The exam takes seven days.
- While the training focuses on Android and iOS, the exam focuses only on Android applications.
- In the exam, you are given two applications with vulnerabilities. First of all, you are expected to detect the vulnerabilities on these applications and then write your own malicious application that will allow you to take advantage of these vulnerabilities.😈
- Finally, within the given time (seven days), you must submit the .apk and PoC code of your malicious application. You do not need to submit a separate penetration test report for this exam.
Tips and Tricks
- The first and perhaps the only sentence you should not forget: “Nothing is being asked of you that is not taught to you.” Therefore, adjust your perspective accordingly and do not worry unnecessarily or focus on the wrong points.👩🏻‍💻
- After completing the certificate application, be sure to review the correspondence under the heading “eMAPT” in the forum of the community, because you will find answers to many questions you have in mind here.🌟
- While preparing for the exam, do not study by rote, with a narrow perspective. Ask yourself questions and focus on the answers to those questions. For example: I am expected to write a Y application that exploits the X vulnerability. What could the X vulnerability be at this stage? If you have purchased the training, you have those precious documents containing clear answers to these questions. Just think wisely and be careful.👻
- While preparing for this certificate, learn to read the source code of applications well. Believe me, this will be very useful both in the exam and in your professional life.
- Finally, as I always say: never give up!😈🥂👩🏻‍💻
When you apply all of these, you will have your precious eMAPT certificate.🌟