In this highly technical seminar, we use realistic code examples (Android and iOS) and practical exercises (Android). Common attack vectors and the corresponding countermeasures are presented and discussed. The focus lies on understanding the typical weaknesses of modern mobile devices and on the resulting know-how needed to implement sustainable security through consistent application of the countermeasures learned. The following questions are addressed repeatedly for each scenario:
- How are attacks against mobile applications carried out?
- How can errors be avoided in the design and implementation phase?
- How can vulnerabilities be efficiently identified?
During the course of the seminar, an initially insecure Android application is analyzed statically and dynamically with regard to the OWASP Mobile Top 10 vulnerabilities, subsequently corrected, and the corrected behavior validated at runtime. Our modern training environment ensures efficient access to the training material and, in part, supports fully automatic review of the solutions created by the participants.
All content can be adapted to your specific needs!
- General structuring
- Input and output handling
- Authentication and password management
- Interprocess Communication
- Session Management
- Access Control
- Data storage / protection
- Error Handling and Logging
- Communications Security
- System Configuration
- File Management
- Memory Management
- Selection of cross-cutting topics considered (customizable):
  - Platform-specific security features
  - SQLite / SQLCipher
  - (Shared) Preferences
  - Keychain / Keystore
  - Spongy Castle