
Android secure coding 2-day


Android Secure Coding 2-Day Course

Course Syllabus
Course description

Secure programming is the last line of defense against attacks targeted toward our systems.
This course shows you how to identify security flaws & implement security countermeasures
when writing code for Android mobile devices. Using sound programming techniques and best
practices shown in this course, you can produce high-quality code that stands up to attack.
The course covers the major security principles for writing Java code for Android (Dalvik).

The objectives of the course are to acquaint students with security concepts and terminology,
and to provide them with a solid foundation for developing secure software. By course
completion, students should be proficient in secure programming and have learnt the basics of
security analysis and design. Students should then be able to develop, design and maintain
applications on the Android development platform using security methods and techniques.

Target audience

Members of the software development team:

   Android developers


Before attending this course, students should have:

   Basic knowledge of the Android development platform
   Java background

Course topics
Day 1
Introduction to Android Security

    Top issues facing mobile apps
    What makes mobile security so different?
    Mobile malware
    The Android Linux OS security
    The Android security mechanisms
    Application file system isolation
    Database isolation
    The permission model

Android App Permissions

    Application permission isolation
    The permission model
    Permission types & app restrictions
    Permission categories
    Creating custom permissions
    Verifying process permissions

Android Component Security

    The Permissions model
    Component exposure levels – public & private
    IPC security using Intents
    Component restrictions
    Service permissions
    Activity permissions
    Content provider permissions
    Broadcast Intent permissions

Secure Authentication & authorization

    Securing credentials and password storage
    Using CAPTCHA mechanisms
    Avoiding IP-based authentication
    Avoiding IMEI-based authentication
    Avoiding phone-number-based authentication
    Avoiding client-side UI-based authorization

Day 2

    Introduction to cryptography
    Symmetric encryption
    Asymmetric encryption
    One-way hashing
    Digital Signatures
    Secure key generation
    Using the KeyStore class
    Adding certificates to the store

Secure communication

    Remote Authentication
    HTTP Authentication
    Validating server certificates and avoiding man-in-the-middle
    Using the HostnameVerifier class
    Privilege Boundaries in Networked Applications
    Using SSL with the HttpsURLConnection class

Secure coding guidelines

    Validation controls
    Avoiding storing secrets in code
    Using SQLite
    Avoiding client-side SQL injection
    Secure process execution
    Clipboard separation
    Code signing

Server Side Security

    OS Command Injection
    SQL Injection
    Cross Site Scripting (XSS)
    Cross Site Request Forgery (CSRF)
    Parameter Tampering
    Authentication breach
    Unauthorized operations and access to data
