Secure Coding for mobile Applications

In this highly technical seminar, we use realistic code examples (Android and iOS) and practical exercises (Android). Common attack vectors and corresponding countermeasures are presented and discussed. The focus lies on understanding the typical weaknesses of modern mobile devices and the out of that resulting know-how to implement sustainable security through the consistent application of the learned countermeasures. The following questions are addressed over and over again for the given scenario:

  • How are attacks against mobile applications carried out?
  • How can errors be avoided in the design and implementation phase?
  • How can vulnerabilities be efficiently identified?

During the course of the seminar, an initially insecure Android application is analyzed statically and dynamically with regards to the Mobile OWASP Top 10 vulnerabilities, subsequently corrected and the changed corrected behavior validated at runtime. Our modern training environment ensures efficient access to the training material and partly supports fully automatic review of the solutions created by the participants.

All contents can be adapted specifically to your needs!


  • General structuring
    • Input and output handling
    • Authentication and password management
    • Interprocess Communication
    • Session Management
    • Access Control
    • Cryptography
    • Data storage / protection
    • Error Handling and Logging
    • Communications Security
    • System Configuration
    • File Management
    • Memory Management
  • Selection of considered cross-cutting topics (customizable):
    • Platform specific security features
    • SQLite / -Cipher
    • (Shared) Preferences
    • Keychain / Keystore
    • Spongy Castle
    • Backup

Target Group

  • Software Developer
  • Architects
  • Project Manager


2 to 3 days or individually tailored


Best Practices for secure Web Applications or similar level of knowledge


Secure Coding of mobile applications Mirko Richter
Experienced SSDLC consultant with 15+ years of experience
Secure Coding of mobile applications Björn Kirschner
Experienced penetration tester and IT security consultant

Our training courses are aimed at companies and organisations. A training course can be economical with just three or more participants. The trainings take place at your premises or is organised by us in your desired environment.

Secure Coding of mobile applications

Your Contact:

Dr.-Ing. Benjamin Kellermann

Contact us via email.
Or call us or use our special contact form.