Authentication and Authorization for iOS/Android Mobile Devices

Course Duration: 30 minutes
Intended Audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers

This self-paced, e-Learning course provides an overview of common authentication and authorization approaches for the Android and iOS platforms. These courses continue the ThreadStrong Topics in Mobile Application Security series, which will provide a deeper look into the security issues surrounding mobile devices.

Authentication and authorization are the first line of defense in securing a mobile application, but they are not foolproof. Developers need to understand the risks of these techniques and how to protect against them. This course, offered for both iOS and Android, covers industry best practices for using these methods to protect a mobile application from malicious users.

Lesson 1: Authentication and Authorization
Course Objectives: After completing this lesson, you should be able to:

  • Define authentication and authorization
  • Describe session management for the platform

Lesson 2: Lack of Data Protection In-Transit
Course Objectives: After completing this lesson, you should be able to:

  • Explain various scenarios of how data can be exploited in transit
  • Understand how to protect data in transit for the platform

Lesson 3: Failure to Protect Resources with Strong Authentication
Course Objectives: After completing this lesson, you should be able to:

  • Explain how authentication can be exploited
  • Describe how authentication schemes can be enhanced on the platform

Lesson 4: Insecure On-Device Credential Storage
Course Objectives: After completing this lesson, you should be able to:

  • Describe the types of information that can be gleaned from a mobile device
  • Explain the best practices for secure data storage

What Is ThreadStrong?

ThreadStrong is a self-paced, e-Learning solution designed by Denim Group's secure application development experts to help developers understand and apply the principles of secure design and coding.

ThreadStrong combines the hands-on knowledge of working software developers with the experience of world-sought trainers, who use best practices to provide practical and in-depth application security training content.

On-Site Training Available

If e-Learning is not the best solution for your training needs, the creators of ThreadStrong also offer application security training in classroom format.

"ThreadStrong's focus on mobile application training significantly increased its value and appeal and will help Sabre's development teams stay ahead and respond quickly to new needs in the mobile space."

Gene Scriven, Sabre Chief Information Security Officer