Secure Coding for Mobile Applications
This highly technical seminar presents common attack vectors and the corresponding countermeasures, using realistic code examples (Android and iOS) and hands-on exercises (Android). The focus is on understanding the typical weak points of modern mobile devices and on how consistent application of the countermeasures learned can create sustainable security. The following questions are taken up again and again:
- How are attacks against mobile applications carried out?
- How can errors be avoided in the design and implementation phase?
- How can vulnerabilities in the code be efficiently identified?
During the seminar, an initially insecure Android application is analyzed statically and dynamically with regard to the central Mobile OWASP Top 10 vulnerabilities, then corrected, and the corrected behavior is validated at runtime. Our modern training environment ensures efficient access to the training material and, in part, supports fully automatic review of the solutions created by the participants.
All contents can be adapted specifically to your needs!
- General structuring
- Input and output handling
- Authentication and password management
- Interprocess Communication
- Session Management
- Access Control
- Data storage / protection
- Error Handling and Logging
- Communications Security
- System Configuration
- File Management
- Memory Management
- Selection of cross-cutting topics covered (customizable):
  - Platform-specific security features
  - SQLite / -Cipher
  - (Shared) Preferences
  - Keychain / Keystore
  - Spongy Castle