Advice - A learning path for MOBILE pentesting / bug bounty programs

I’m interested in acquiring the skills necessary to become an ethical hacker and join bug bounty programs related to mobile platforms (mainly Android, for starters).

I noticed that a few books hold good reviews on the subject:

  • Android Hacker’s Handbook
  • The Mobile Application Hacker’s Handbook
  • Android Security Internals: An In-Depth Guide to Android’s Security Architecture
  • Several titles from Packt Publishing

I have intermediate knowledge of Python and the standard tools we can find on Kali. I’ve hacked some boxes and done a dozen online video courses.

Having said that, here are my questions:

  1. Is a solid knowledge of Java a requirement to enter this field?
  2. Are the books I mentioned above any good? Should I read them in the sequence I just presented? (I’m able to buy them all if necessary.)
  3. I have some basic notions of web application vulnerabilities. Should I move to an in-depth knowledge of those before tackling mobile application and systems pentesting?

Thanks in advance for any insight. I hope this post becomes a reference to others who also intend to follow a similar path.
