Authentication and Authorization for iOS/Android Mobile Devices

Course Duration: 30 minutes
Intended Audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers

This course provides an overview of common authentication and authorization approaches for the Android and iOS platforms. These courses continue the ThreadStrong Topics in Mobile Application Security series, which will provide a deeper look into the security issues surrounding mobile devices.

Authentication and authorization are the first line of defense in securing a mobile application, but they are not foolproof. Developers need to understand the risks of these techniques and how to protect against them. This course, offered for both iOS and Android, covers industry best practices for protecting a mobile application from malicious users using these methods.

Authentication and Authorization for iOS and Android

Lesson 1: Authentication and Authorization
Course Objectives: After completing this lesson, you should be able to:

  • Define authentication and authorization
  • Describe session management for the platform

Lesson 2: Lack of Data Protection In-Transit
Course Objectives: After completing this lesson, you should be able to:

  • Explain various scenarios of how data can be exploited in transit
  • Understand how to protect data in transit for the platform

Lesson 3: Failure to Protect Resources with Strong Authentication
Course Objectives: After completing this lesson, you should be able to:

  • Explain how authentication can be exploited
  • Describe how authentication schemes can be enhanced on the platform

Lesson 4: Insecure On-Device Credential Storage
Course Objectives: After completing this lesson, you should be able to:

  • Describe the types of information that can be gleaned from a mobile device
  • Explain the best practices for secure data storage

On-Site Training Available

If e-Learning is not the best solution for your training needs, the creators of ThreadStrong also offer application security training in classroom format.

"ThreadStrong's focus on mobile application training significantly increased its value and appeal and will help Sabre's development teams stay ahead and respond quickly to new needs in the mobile space."

Gene Scriven, Sabre Chief Information Security Officer