New Students Take 10% Off. Use WELCOME10 At Checkout Time.

Mobile App Security. Pass Your MMAS Exam: Android Edition -3 Days. - elite-it-training-center

Mobile App Security. Pass Your MMAS Exam: Android Edition -3 Days.

Regular price $1,695.00 Sale

Loading...

Course Specifications

Course Number:

094101

Course Length:

3 days

Course Description

Overview:

Android app development is a valuable skill set for a programmer today. An important part of that skill set is the ability to create apps that protect you, your users, and your users' organizations from attack. In this course, you will learn why it is critical to build security into your Android apps, how to improve your programming processes to promote security, and how to provide countermeasures for the numerous threats to which an Android app and its users are exposed.

Course Objectives:

In this course, you will harden native Android mobile apps against attack, and ensure secure network communications and backend web services.

You will:

  • Explain why an organization should devote time and resources to app security, including a specific rationale for Android app development.
  • Identify where and how the Android system architecture is vulnerable to security threats.
  • Employ strategies to promote the security of mobile apps, including specific strategies for Android.
  • Enable an Android app to communicate securely with hardware and software on the device.
  • Enable an Android app to secure data through encryption.
  • Enable an Android app to store data securely.
  • Enable an Android app to communicate securely over networks and with web services.
  • Use the WebView component securely.
  • Protect credentials in storage and in transit.
  • Harden an Android app against attack to levels appropriate for the risk model.

 

Target Student:

This course is intended for a programmer or web developer who is experienced with mobile app development in Android and wants to learn how to develop secure apps that are hardened against attack to levels that are appropriate for the risk model of the app. The student has experience developing Android apps and is familiar with the Android SDK, development tools, and processes.

Prerequisites:

To ensure your success, you should have experience developing Android apps in Java using Eclipse and the Android SDK. To meet this prerequisite, you can take the course Developing Android Mobile Apps for Business.

A general understanding of information technology security is also helpful, but not required. offers various courses on information technology security, including CompTIA Security+.

Course-specific Technical Requirements

Hardware

For this course, you will need a laptop computer with the following minimum hardware configurations:

  • 1 GHz or faster 64-bit (x64) processor
  • 6 gigabytes (GB) RAM
  • 50 GB available hard disk space
  • Keyboard and mouse (or other pointing device)
  • 1,280 × 1,024 or higher resolution monitor
  • Network cards and cabling for local network access
  • Internet access

Android Devices

No Android devices are required to attend this course. This course has been designed around the use of emulated (rather than real) Android devices, focusing on an emulated Android Level 17 tablet (with Google APIs installed). 

Students might find it beneficial to bring real devices as an activity above and beyond those provided in the student manual. Practice labs provide a good opportunity for students to do such experimentation.

Software

Android development tools are updated frequently, and the installation process can take considerable time. 

The following software will need to be installed on your laptop for class. 

  • Windows 7 or 8 Professional.

  • Java SE Development Kit. This course was developed on Java Platform (JDK) 7u25, Windows x86 (32-bit) version. Later versions of Java should work acceptably, but if you use a different version, you should key through the course activities to ensure that the Android development environment functions correctly before you teach the course. At the time the course was written, this software was available for download from www.oracle.com/technetwork/java/javase/downloads.

  • Eclipse Juno SR1 or later and Android SDK version 22 or later. This course was developed on the combined ADT Bundle for Windows of Android Developer Tools Build: v22.0.5-757759, which is provided with the course data files.

     

Course Content

Lesson 1: The Rationale for Android App Security

Topic A: Identify the Need for Security

Topic B: Identify Security Requirements and Expectations

Topic C: Include Security in Your Development Processes

Topic D: Identify Your Approach to Risk Management

Lesson 2: The Android Security Architecture

Topic A: Strengths and Weaknesses of the Android Security Architecture

Topic B: The Android Permissions Model

Topic C: Android Vulnerabilities

Lesson 3: Employing Secure Mobile App Development Strategies

Topic A: Follow App Security Best Practices

Topic B: Design for Security

Topic C: Write Secure Java Code

Lesson 4: Accessing Local Processes and Devices Securely

Topic A: Select Countermeasures for Local Threats

Topic B: Implement Secure Access of Local Processes and Hardware

Lesson 5: Securing Data Through Encryption

Topic A: Select Countermeasures for Threats to Cleartext Data

Topic B: Implement Encryption

Lesson 6: Accessing Local Storage Securely

Topic A: Identify Countermeasures for Local Storage Threats

Topic B: Implement Secure Access of Local Storage

Lesson 7: Communicating with Networks and Web Services Securely

Topic A: Identify Countermeasures for Networking Threats

Topic B: Implement Secure Network Communication

Lesson 8: Using the WebView Component Securely

Topic A: Identify Countermeasures for WebView Component Threats

Topic B: Implement WebView Security

Lesson 9: Protecting Credentials in Storage and Transit

Topic A: Identify Countermeasures for Threats to Credentials

Topic B: Implement Secure User Authentication

Lesson 10: Hardening Apps Against Attack

Topic A: Identify Countermeasures for Reverse Engineering Threats

Topic B: Harden an App

Appendix A: Categories of Permissions

Appendix B: CompTIA ADR-001 Exam Objectives Mapping


Questions about the course?