
Foundations of Mobile Security

Course Description

Mobile applications have become an everyday part of life, whether we are checking email, getting directions, or sending funny pictures to friends. While mobile devices offer an ever-increasing number of developers a chance to interact with users via their application, they also provide unique security challenges that can be difficult to understand. This course provides an overview of the risks a developer needs to be aware of when developing for mobile. 

Learning Objectives

  • Understand common mobile application security vulnerabilities
  • Define the security controls of multiple mobile operating systems
  • Articulate real-world threats to mobile applications

Details

Delivery Format: eLearning

Duration: 3/4 hours

Level: Beginner

Intended Audience:

  • Architects
  • Front-end Developers
  • Mobile Developers
  • QA Engineers

Prerequisites: NA

Course Outline

Mobile Platforms

  • Mobile Concerns: Thick Clients
  • Thick Clients: Performance vs. Security
  • Thick Clients: Official Apps are Best
  • Sandboxing
  • Sandboxing for Android
  • Sandboxing for iOS
  • Code Signing
  • Code Signing for Android
  • Code Signing for iOS
  • Code Signing: Summary
  • Permissions
  • App Store Verification
  • Challenges
  • Challenges with Rooted/Jailbroken Devices

Mobile Applications

  • Mobile Web Application
  • Native Mobile Application
  • Hybrid Mobile Application
  • Cross-Platform Frameworks
  • Security Considerations

Mobile Threats

  • The Mobile Threat Landscape
  • Remote Attacks
  • Client-Side Attacks
  • Malicious Applications and Profiles
  • Social Engineering
  • Network Attacks

Application Security Vulnerabilities

  • Insecure Data Storage
  • Insufficient Transport Layer Protection
  • Unintended Data Leakage
  • Lack of Binary Protections

Application Security Controls

  • Introduction to Security Controls
  • Does Data Need to Be There?
  • Securing Data at Rest
  • Securing Data in Transit
  • Preventing Unintended Data Leakage
  • Binary Hardening

Mobile Application Security Testing

  • Testing Overview
  • Testing Debug Builds (Android Only)
  • Testing Release Builds
  • Dealing with Hardened Applications
  • Other Considerations
