Mobile security baseline
The course provides a solid overview of how mobile applications look from an attacker's perspective. Besides introducing the audience to the underlying concepts, participants are given examples and demo applications that show common hacking tools in use and how security pitfalls and design and implementation mistakes are exploited.
title: Mobile security baseline
aka: "Secure coding and design principles for mobile"
audience: mobile application developers, application hackers, security enthusiasts
duration: 3-6 hrs of education time
We assume that the developers attending the preps mobile secdev course:
- are familiar with the mobile app development process and technologies
Topics covered:
- OWASP MASVS topics, an introduction to the areas to protect
- How a properly designed infrastructure architecture should be built
- Explanation of the secure coding principles
- Practical hands-on tasks applying the secure coding principles
- Security by design
- API security: what reaches the server side from a rooted mobile device
- The attack potential of an intercepting attacker with traffic manipulation capabilities
- Cryptography basics, TLS, ciphersuites
- HTTP certificate pinning, perfect forward secrecy, certificate transparency
- Setting up the right security requirements
- Creating and training security champions; S-SDLC basics, secure development as an integral part of the SDLC
- Automated tools and their value; non-automated approaches: pentests, peer code review, assisted code review
- Testing security in Xcode / Android Studio
- Security testing with MobSF
- Security testing with Drozer
- Using vault.io for managing and protecting secrets
- Using SonarQube in mobile development
- Lead trainer:
- Co-trainer: