defdeveu courses
Search…
README
secdev courses
Java
JavaScript
Android
iOS
.NET
C/C++
Webapps in general
Testing courses
Mobile testing automation
Security test automation in CI/CD pipelines
Burp for developers
DevSecOps courses
Docker security
AWS security
Control courses
Security champions boot
Assisted code-review lab
Practical personal cybersec for security auditors
S-SDLC playbook
Library
Mobile security baseline
Hacking applications
Language specific
Delivery
Main features
Agenda structure
Days and kits
Trainer formations
Course materials
Trainers
Glenn ten Cate
Zsombor Kovács
Davide Cioccia
Péter Nyilasy
Marek Zachara
Riccardo ten Cate
Timur Khrotko
Powered By GitBook
Mobile security baseline

About the course

The course provides a solid overview about how mobile applications can be viewed from a hacker's perspective. Besides introducing the audience to concepts and ideas, the participants are also provided with examples and demo applications for common hacking tools, exploiting security pitfalls, design and implementation mistakes.

Properties

title: Mobile security baseline
aka: "Secure coding and design principles for mobile"
audience: mobile applications developers, application hackers, security enthusiasts
duration: 3-6hrs education time
developed by: Zsombor Kovács and Glenn ten Cate

Prerequisites

We assume that the developers attending the preps mobile secdev course:
    are familiar with with the mobile apps development process and technologies

Agenda

Intro to secure coding

    OWASP MASVS topics, an introduction to the areas to protect
    How a properly designed infrastructure architecture should be built

Secure coding principles and design

    Explanation of the secure coding principles
    Practical hands-on tasks of the secure coding principles
    Security by design

Mobile architectures are secure by design, why do we care

    API security, what will hit the server-side via a rooted mobile device
    The attack potential of an intercepting attacker with traffic manipulation capabilities

Cryptography basics

    Cryptography basics, TLS, ciphersuites
    HTTP certificate pinning, Perfect forward secrecy, Certificate transparency

Practical secure development

    Setting up the right security requirements
    Create and train security champions S-SDLC basics, secure development as integral part of SDLC
    Automatic tools and their values, non-automatic tools, pentests, peer code-review, assisted code-review

Testing exercises, DIY

    Testing security in Xcode / Android Studio
    Security testing with MobSF
    Security testing with Drozer
    Using vault.io for managing and protection of secrets
    Using SonarQube in mobile development

Trainers

Control courses - Previous
S-SDLC playbook
Next - Library
Hacking applications
Last modified 2yr ago
Copy link
Contents
About the course
Properties
Prerequisites
Related courses
Agenda
Trainers