Certification: GMOB

Certification:

GIAC Mobile Device Security Analyst (GMOB)

Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

See the GIAC website for additional details on the GMOB certification.

Exam Certification Objectives
Objectives Objective Outcome Statement
Analyzing Application Network Activity The candidate will demonstrate the ability to capture and interpret network traffic for the purposes of assessing the security of mobile device applications.
Analyzing Static Applications The candidate will demonstrate the understanding of techniques to evaluate mobile application binaries and permissions in order to detect potentially harmful behavior.
Assessing Mobile Application Security The candidate will demonstrate the ability to assess the security of mobile applications with respect to privacy, data protection, and undesirable application behavior.
Attacking Mobile and Wireless Infrastructure The candidate will demonstrate the ability to recognize and leverage architectural opportunities on mobile devices and the associated infrastructure to improve security of mobile devices.
Attacking Mobile Web Applications The candidate will demonstrate understanding of common mobile web application attacks such as XSS, client-side injection, SQL injection, and parameter tampering.
Managing Android Devices The candidate will demonstrate familiarity with Android configuration and security models and how they affect security posture.
Managing iOS Devices The candidate will demonstrate familiarity with iOS configuration and security models and how they affect security posture.
Managing Mobile Accessories The candidate will demonstrate familiarity with other mobile devices such as wearable technologies, their security risks, and mitigation strategies.
Manipulating Mobile Application Behavior The candidate will demonstrate the understanding of security evasion techniques to test the security of mobile applications in order to detect potentially harmful behavior.
Manipulating Network Traffic The candidate will demonstrate an understanding of typical wireless traffic attacks such as sidejacking, traffic manipulation and SSL/TLS attacks.
Mitigating Against Mobile Malware The candidate will be able to demonstrate how to protect mobile device data, and mitigate against malware targeted to mobile devices.
Mitigating Against Stolen Mobile Devices The candidate will be able to demonstrate how to mitigate against the threat of data loss from stolen mobile devices.
Penetration Testing against Mobile Devices The candidate will demonstrate the ability to implement a regular penetration testing program to evaluate a mobile device deployment, to identify vulnerabilities, and to accurately evaluate the threat of vulnerabilities to an organization.
Unlocking and Rooting Mobile Devices The candidate will demonstrate understanding of the concept and processes behind rooting, jailbreaking, and unlocking mobile devices and the security ramifications.