About the course:
Our Mobile App Security training course is aimed at iPhone & Android developers who need to build more robust commercial apps.
Learn about the key threats that can make your apps - and therefore users - vulnerable.
You'll gain practical experience using community tools to test and secure apps, and equally importantly gain an appreciation for the necessity of security by design.
OWASP Mobile Top 10
Our secure mobile development course also takes a good hard look at the OWASP Mobile Top Ten most critical app security flaws, and makes use of tools such as iGoat and Android CK project.
If you have any questions, please do get in touch - we would love to discuss your learning goals and offer you a flexible training solution.
The mobile app security course is available as a remote online virtual class - as a standalone workshop and as part of a custom training programme.
Learning outcomes
- Implementing a Secure Development Lifecycle (SDL)
- Understanding the OWASP Mobile Top 10 threats
- Encryption techniques
- App Security testing strategies
Who should attend
Web Developers, Testers, Software Architects, Development Managers, Technical QA Managers
Prerequisites
Experience of data-driven web development in a language such as Java, C#, VB.NET, PHP. Knowledge of JavaScript would also be useful.
Live, instructor-led online and on-site training
We appreciate that you need flexibility to fit in with new working situations - whether you're an individual, part of a distributed team, or simply have projects and deadlines to meet.
Our remote training can take place online in a virtual classroom, with content split into modules to accommodate your scheduling challenges and meet your learning goals. Get in touch today to find out how we can help design a cost-effective, flexible training solution.
As soon as it's safe, we'll return to also offering the on-site custom training courses and programmes upon which we've built our reputation.
Mobile App Security
- Why is app security so important?
- What are the risks to *your* app users?
SDL in depth
- Analysing security and privacy risk
- Attack surface analysis
- Threat Modeling
- Identifying the right tools
- Enforcing banned functions
- Static analysis
- Dynamic / Fuzz Testing
- Response Plan
- Final Security Review
Hands-on with the OWASP Mobile Top 10 Security Risks
Keeping up to date with the latest OWASP Top 10 vulnerabilities:
- M1: Improper Platform Usage
- M2: Insecure Data Storage
- M3: Insecure Communication
- M4: Insecure Authentication
- M5: Insufficient Cryptography
- M6: Insecure Authorization
- M7: Client Code Quality
- M8: Code Tampering
- M9: Reverse Engineering
- M10: Extraneous Functionality
Beyond OWASP
- Authorisation and Authentication options
- Mobile Data and asset encryption
- Enforcing user-level app security policies
- Minimising network exposure
- Secure auditing and logging solutions
- OS checks (rooted / jailbroken devices)
Summary
- Applying what you’ve learnt in the real world.
- Understanding the business impact of insecure software.