- Overview of Mobile Application Security
- Authentication and Authorization for iOS/Android Mobile Devices
- Data Protection for Android
- Validation and Encoding for Android
- Introduction to Web Application Security
- Secure Coding
for Java - Secure Coding
for .NET - Threat Modeling
- Software Security Remediation Basics
- CSRF Explained
Authentication and Authorization for iOS/Android Mobile Devices
Course Duration: 30 minutes
Intended Audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers
This self-paced, e-Learning course provides an overview of common authentication and authorization approaches for the Android and iOS platforms. These courses continue the ThreadStrong Topics in Mobile Application Security series, which will provide a deeper look into the security issues surrounding mobile devices.
Authentication and authorization are the first line of defense in securing a mobile application, but they are not fool-proof. Developers need to understand the risks of these techniques, and how to protect against these risks. This course, offered for both iOS and Android, covers industry best practices for protecting a mobile application from malicious users using these methods.
Lesson 1: Authentication and Authorization
Course Objectives: After completing this lesson, you should be able to:
- Define authentication and authorization
- Describe session management for the platform
Lesson 2: Lack of Data Protection In-Transit
Course Objectives: After completing this lesson, you should be able to:
- Explain various scenarios of how data can be exploited in transit
- Understand how to protect data in transit for the platform
Lesson 3: Failure to Protect Resources with Strong Authentication
Course Objectives: After completing this lesson, you should be able to:
- Explain how authentication can be exploitable
- Describe authentication schemes can be enhanced on the platform
Lesson 4: Insecure On-Device Credential Storage
Course Objectives: After completing this lesson, you should be able to:
- Describe the types of information that can be gleaned from a mobile device
- Explain the best practices for secure data storage
What Is ThreadStrong?
ThreadStrong is a self-paced, e-Learning solution designed by Denim Group's secure application development experts to help developers understand and apply the principles of secure design and coding.
ThreadStrong combines the hands-on knowledge of working software developers with the experience of world-sought trainers, who use best practices to provide practical and in-depth application security training content. Read more >>
Learn More About ThreadStrong
On-Site Training Available
If e-Learning is not the best solution for your training needs, the creators of ThreadStrong also offer application security training in classroom format.
"ThreadStrong's focus on mobile application training significantly increased its value and appeal and will help Sabre's development teams stay ahead and respond quickly to new needs in the mobile space."