eMAPT Certification

Mobile Application Penetration Tester

The Mobile Application Penetration Tester (eMAPT) certification is issued to cyber security experts that display advanced mobile application security knowledge through a scenario-based exam.

eMAPT - Mobile Application Penetration Tester
The Exam
INE Security’s eMAPT is the only certification for mobile security experts that evaluates your practical abilities through a real world engagement.

INE Security’s eMAPT is a hands-on challenge. Students will receive a real-world scenario of two Android applications to analyze and pentest. The final deliverable is a working and reproducible proof of concept that is reviewed by INE’s course instructors.

Why eMAPT ?

Here are some ways the Mobile Application Penetration Tester certification is different from conventional certifications:

  • Ensures that you have a strong understanding of theoretical aspects behind mobile application security.
  • Tests a candidate’s ability to identify and exploit vulnerable mobile applications through a 100% practical exam.
    Not only must you try different methodologies to conduct a thorough penetration test, you are also asked to write a complete working exploit.
  • Only individuals who provide proof of their findings in addition to writing a working exploit are awarded the eMAPT Certification.

Knowledge Domains
The eMAPT assesses and certifies your skills in the following areas:

  • Information Gathering
  • Reverse engineering Android applications
  • Exploit Android vulnerabilities
  • Applied security principles
  • Logic flaws
  • Exploit development for Android environments
  • Encryption and cryptography
  • Identify vulnerable implementations

eMAPT is a certification for individuals with a complex understanding of mobile application vulnerabilities and exploits. Everyone can attempt the certification exam; however, here are the advised skills to possess for a successful outcome:

  • Letters of engagement and the basics related to a penetration testing engagement
  • Android applications architecture, security mechanisms and components
  • Vulnerability assessments of mobile applications
  • Performing Android application reverse engineering and algorithm analysis
  • Encryption/decryption algorithms
  • Performing manual exploitation


Certification Process

There are two ways to get certified.

Purchase an INE subscription and take the Mobile Application Penetration Testing Professional learning path.

The The Mobile Application Penetration Testing Professional path prepares you for the eMAPT exam with a blend of theoretical courses and a number of hands-on practical challenges similar to the final exam.


Attempt the certification without training

Candidates that feel prepared to demonstrate their practical and professional skills can purchase an eMAPT voucher and go through the certification process at their own risk.

Whether you are attempting the eMAPT certification exam on your own or after having attended one of our approved training courses, you will need to follow these steps to get a certificate:

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.

Regular vouchers expire after 180 days from purchase. Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.
Once you click on the “Begin certification process” button, you will receive an email with instructions regarding the scope of engagement. This letter will contain everything you need to know to take your exam.
Once you have completed the exam portion, it’s time to finalize your report. This should be a commercial grade report proving all of your findings and providing remediation steps for your client. You must submit your report within 7 days from the beginning of the certification process (step 2), in PDF format for review.

You are awarded the certification after an INE instructor carefully reviews your findings and deems your work sufficient. Should you fail the first attempt, you will receive valuable feedback from our instructors. You will then have one free attempt to re-take the certification.

This exam is manually graded. Once submitted, it may take up to 30 business days to receive your results.