Researchers have presented estimations that up to 90% of all applications have at least one vulnerability. While research about mobile applications in particular is scarce, high-profile data thefts like the Snapchat user database indicate serious security concerns even for apps that are used by millions.
The unique position of mobile applications in the intersection of Web services, native APIs and low-level code presents a complicated threat model that requires strong understanding of security in order to create a secure application. This hands-on course is focused on introducing developers to the basics of iOS/Android application security and the basic threats and vulnerabilities they should be aware of when designing and coding such application.
The course includes free access to an interactive online exercise environment for one week, following the course’s completion.
- Weak Server Side Controls
- Insecure Data Storage
- Insufficient Transport Layer Protection
- Unintended Data Leakage
- Poor Authorization and Authentication
- Broken Cryptography
- Client Side Injection
- Security Decisions via Untrusted Inputs
- Improper Session Handling
- Lack of Binary Protections
- Development process tips, Q & A
Ideal for: The course is technical and the targeted participants are iOS/Andorid developers that understand Objective-C/ Java programming language, but have no particular experience in iOS/Android security.
Prerequisites: Working knowledge of iOS or Android platform development.
Participants should bring a Mac OS X laptop/notebook with installed Xcode, iOS SDK or an iOS device (required for the exercises). The former is strongly recommended.
Certificate: Upon successful completion of the course attendees will receive a certificate from ESI CEE.