Before we start getting our hands dirty by looking at the internals of mobile apps, let's set the stage by looking at what the certification landscape looks like. I'm sharing this first in the series because I know this will be essential to those who already have the skills or are starting but looking to apply for roles in companies.

As a disclaimer, I haven't taken any of these certifications yet and this is purely coming from the resources I've learned from the mobile application penetration testing course from TCM Security Academy. Also, this list is in no particular order on which one I recommend to go after.

With that out of the way, let's dive right in.

eLearnSecurity Mobile Application Penetration Tester

This certification is provided by eLearn Security and also comes with training material from INE which can be accessed with an active subscription. You can attempt to get certified without training for people who feel prepared to demonstrate their practical and professional skills.

You will need to follow these steps to get a certificate whether attempting the eMAPT certification exams with or without the training courses from INE:

• Purchase a certification exam voucher

• Begin the certification process

• Take your exam

• Upload your report

• Receive your results

To get certified, you will be assessed on...

• Information Gathering

• Reverse engineering Android applications

• Exploit Android vulnerabilities

• Applied security principles

• Logic flaws

• Exploit development for Android environments

• Encryption and cryptography

• Identify vulnerable implementations

GIAC Mobile Device Security Analyst (GMOB)

The GIAC Mobile Device Security Analyst (GMOB) certification ensures that people charged with protecting systems and networks know how to properly secure mobile devices that are accessing vital information.

This certification tests candidates on knowledge about assessing and managing mobile device and application security, as well as mitigating against malware and stolen devices.

To get certified, you will be assessed on...

• Analyzing Mobile Applications

• Assessing Mobile Application Security

• Attacking Encrypted Traffic

• Managing Android Devices and Applications

• Managing iOS Devices and Applications

• Manipulating Mobile Application Behavior

• Manipulating Network Traffic

• Mitigating Against Mobile Malware

• Mitigating Against Stolen Mobile Devices

• Reverse Engineering Mobile Applications

• Unlocking and Rooting Mobile Devices

Infosec Institute Certified Mobile and Web App Penetration Tester (CMWAPT)

This is a learning path that aims at building your penetration testing skills and prepares you to earn your Certified Mobile and Web App Penetration Tester (CMWAPT) certification you receive after the course to validate your pen-testing skills.

Similar to INE, you get access to the training materials with an active subscription.

These are just some of the organizations to get certified which I know but if you have experience with other organizations, please leave a comment below. If you're enjoying this series, please tell a friend and follow me for more content like this.