Our classroom training provides you the opportunity to interact with instructors and benefit from face-to-face instruction.
Advanced Android Security
VIRTUAL TRAINING
Catering to the demands of busy professionals, our virtual training programs are as effective as face-to-face learning.
CORPORATE TRAINING
Our Corporate training provides you the opportunity to interact with instructors and benefit from face-to-face instruction.
TRAINING HIGHLIGHTS
High quality training from Certified & Industry Experts
Earn 24 PDUs
Course Completion Certificates
Extensive documentation provided
Reimbursement guaranteed if the training is not satisfied
Our approach is both practical and inspirational. Our training is carefully designed and tested to develop the key skills and confidence needed while being highly participatory and fun
Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. This advanced course gives a comprehensive overview of these features putting an equal emphasis on both native code issues and Java security, allowing a deeper analysis of the vulnerabilities, attacks, protection techniques and counter attacks in three days.
The course is recommended to those developers who extensively use both Java and native code to develop complex Android applications.
| DAY 1 | DAY 2 | DAY 3 |
|---|---|---|
| 1. IT security and secure coding | 1. Basics of cryptography | 1. Android and Java vulnerabilities |
| 2. Android security overview | 2. Android native code security | 2. Testing Android code |
| 3. Application security | 3. Advices and principles | |
| 4. Knowledge sources |
Course Outline:
IT security and secure coding
- ● Nature of security
- ● IT security related terms
- ● Definition of risk
- ● IT security vs. secure coding
- ● From vulnerabilities to botnets and cybercrime
- ● Classification of security flaws
Android security overview
- ● Android fragmentation challenges
- ● The Android software stack
- ● OS security features and exploit mitigation techniques
- ● The Linux kernel
- ● Filesystem security
- ● Dalvik
- ● Deploying applications
Application security
- ● Permissions
- ● Writing secure Android applications
- ● Digital Rights Management (DRM)
- ● Reverse engineering and debugging
Basics of cryptography
- ● Cryptosystems
- ● Symmetric-key cryptography
- ● Other cryptographic algorithms
- ● Asymmetric (public-key) cryptography
- ● Public Key Infrastructure (PKI)
- ● Cryptography on Android
Android native code security
- ● Buffer overflow possibilities in Android
- ● ARM architecture
- ● Buffer overflow on the stack
- ● Protection techniques – ASLR, XN, RELRO, …
Android and Java vulnerabilities
- ● Input validation
- ● SQL Injection
- ● Cross-Site Scripting (XSS)
- ● Improper use of security features
- ● Improper error and exception handling
- ● Code quality problems
Testing Android code
- ● Testing Android code
- ● Android Lint
- ● Android Lint – Security features
- ● Lint exercise
- ● PMD
- ● PMD exercise
- ● FindBugs
- ● FindBugs exercise
Advices and principles
- ● Matt Bishop’s principles of robust programming
- ● The security principles of Saltzer and Schroeder
Knowledge sources
- ● Secure coding sources – a starter kit
- ● Vulnerability databases
Learning Objectives:
Individuals certified at this level will have demonstrated:
- ● Understand basic concepts of security, IT security and secure coding
- ● Learn the security solutions on Android
- ● Learn to use various security features of the Android platform
- ● Get information about some recent vulnerabilities in Java on Android
- ● Get understanding on native code vulnerabilities on Android
- ● Learn about typical coding mistakes and how to avoid them
- ● Get practical knowledge in using security testing tools
- ● Get sources and further reading on secure coding practice
Once after the training we will provide you the course completion certificate.
Android application developers, architects and testers.
What does Mangates provide me on the day of the course?
We provide Course Materials, Course Completion Certificate and Refreshments
What experience does Instructor has?
All our Instructors are Certified & Industry Experts and they have years of experience in teaching Agile Courses
