eMAPT Certification Exam Review
Hello everyone, this is my review of the eMAPT certification exam, about which I have received multiple queries regarding exam structure, exam duration, tips, and resources. I have tried to cover as much as possible and hope you find it helpful in your eMAPT journey.
Introduction
The eMAPT certification from eLearnSecurity is one of the most extensive hands-on certifications in mobile pentesting. It indicates that the holder has advanced mobile application security knowledge.
To pass the exam, the candidate has to demonstrate expert skills in information gathering, reverse engineering Android applications, exploiting Android vulnerabilities, applying security principles, logic flaws, exploit development for Android environments, encryption and cryptography, and identifying vulnerable implementations.
The certification exam costs $400, which gives the exam taker 2 attempts at the exam. You have 7 days; if you fail the first time, the exam reviewer will give feedback on your submitted report/source code, and you then have another 7 days to resubmit your code.
An individual can also opt for the MASPT v2 course by purchasing a paid subscription from https://ine.com/pricing and enrolling in the Mobile Application Penetration Testing Professional learning path.
The Course — MASPT v2
To prepare for the exam, I started with the course content. The course is divided into 2 major parts:
Android —
- Starts from the very basics and covers the architectural concepts of Android, which provides the information needed to clear the exam.
- The course content is crisp and fun to go through. Beyond the exam, the course will prepare you for different aspects of Android security, from theory to setting up and using your own mobile test lab.
- Also covers static code analysis for Android applications.
iOS —
- For iOS security, the course also covers the iOS architecture, the build process, how to reverse iOS applications, and details around how to conduct dynamic analysis.
The Exam
The exam only requires you to create an exploit Android application; there is no requirement to conduct any iOS-related testing throughout the entire exam.
- Duration: You get 7 days to exploit the applications and to create and submit your exploit .apk and its source code.
- Pattern: You will be provided with 2 vulnerable Android applications. You first have to understand the weaknesses and build an exploit Android application from scratch. The next step is to upload the .apk file and source code of that exploit application as the report.
- Passing Criteria: Your exploit application must be able to exploit the vulnerability that exists in the shared vulnerable applications. Do not worry, you will get more details about this in the LETTER OF ENGAGEMENT.
Once you start your exam, the Letter of Engagement will be your guide to the entire exam. This document covers the scope of engagement, the exam objectives, and how to submit your final proof of concept.
Tips and Resources
There are a few tips and resources which I think would be helpful for you if you are going to take the exam for the first time.
- Understand how app data and files are managed and shared with other applications: https://developer.android.com/guide/topics/data, https://developer.android.com/guide/topics/providers/content-providers
- Learn how encryption and decryption work: https://developer.android.com/guide/topics/security/cryptography
- Get familiar with creating and debugging Android applications inside the Android Studio IDE: https://developer.android.com/studio/debug (in case you get stuck with your code, this might help you out)
- Try to run your exploit app on multiple Android devices; your exploit should work on all devices and should not ask for any Android permissions.
Who should take this Certification
IMO anyone working in mobile application pentesting or mobile application security, or with a strong interest in learning mobile application security, can take this certification. The only prerequisite is some prior knowledge of building basic Android applications.
If you are new to Android app development, I would suggest starting with: https://developer.android.com/codelabs/build-your-first-android-app.
Thank you for reading. I hope this review helps other upcoming exam-takers in the future.