The course provides a solid overview of how mobile applications look from a hacker's perspective. Besides introducing the audience to the underlying concepts and ideas, the participants are given examples and demo applications that show common hacking tools in use, how security pitfalls are exploited, and what design and implementation mistakes make this possible.
title: Mobile security baseline
aka: "Secure coding and design principles for mobile"
audience: mobile applications developers, application hackers, security enthusiasts
duration: 3-6hrs education time
developed by: Zsombor Kovács and Glenn ten Cate
We assume that the developers attending the preps mobile secdev course:
are familiar with the mobile apps development process and technologies
OWASP MASVS topics, an introduction to the areas to protect
How a properly designed infrastructure architecture should be built
Explanation of the secure coding principles
Practical hands-on tasks of the secure coding principles
Security by design
API security, what will hit the server-side via a rooted mobile device
The attack potential of an intercepting attacker with traffic manipulation capabilities
Cryptography basics, TLS, ciphersuites
HTTP certificate pinning, Perfect forward secrecy, Certificate transparency
Setting up the right security requirements
Create and train security champions
S-SDLC basics, secure development as an integral part of the SDLC
Automated tools and their value, non-automated tools, pentests, peer code review, assisted code review
Testing security in Xcode / Android Studio
Security testing with MobSF
Security testing with Drozer
Using vault.io for managing and protection of secrets
Using SonarQube in mobile development
Lead trainer:
Co-trainer: