Andaira Technology

 

Android Security 


Certificación: N/A 

Acreditación: Ninguna 

Duración: 2 días 

Idioma del material: Inglés 

Formato: Presencial 

Créditos: N/A

Introducción:

Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of when developing software for Android. Typical security pitfalls and vulnerabilities are described, along with recommendations and best practices to avoid and mitigate them.

The course explains the strengths and weaknesses of Android’s security architecture along with typical mistakes to avoid when developing software for the platform.

Audiencia:

Android application developers, architects and testers

Objetivos:

Individuals certified at this level will have demonstrated:

  • Understand basic concepts of security, IT security and secure coding
  • Learn the security solutions on Android
  • Learn to use various security features of the Android platform
  • Get information about some recent vulnerabilities in Java on Android
  • Get basic understanding on native code vulnerabilities on Android
  • Learn about typical coding mistakes and how to avoid them
  • Get practical knowledge in using security testing tools
  • Get sources and further reading on secure coding practices

Prerrequisitos:

None

Material del curso:

You will receive the following as part of this course:

  • A participant handbook with reference materials
  • Virtual machine with the exercises (to be distributed by the instructor on a USB drive)

Examen:

There are no exams associated with this course

Requisitos técnicos:

A preinstalled exercise environment in the form of desktop virtual machine will be distributed on USB sticks for the participants at the start of the course by the instructor.

Hardware and software specifications for the used host PCs are:

  • CPU equivalent to Core i5 with virtualization technology is recommended, minimum is Core i3 (or equivalent laptop processors)
  • 4GB is recommended, minimum is 2GB
  • At least 20 GB free space on the HDD.
  • Display resolution minimum 1024×768 (the larger the better)
  • Keyboard, mouse: any can be used as long as participants are familiar with them.
  • VMware Player minimal version is 3.2, preferred is 5.0.4.

Temario:

IT security and secure coding

  • Nature of security
  • IT security related terms
  • Definition of risk
  • IT security vs. secure coding
  • From vulnerabilities to botnets and cybercrime
  • Classification of security flaws

Android security overview

  • Android fragmentation challenges
  • The Android software stack
  • OS security features and exploit mitigation techniques
  • The Linux kernel
  • Filesystem security
  • Dalvik
  • Deploying applications

Application security

  • Permissions
  • Writing secure Android applications
  • Cryptography on Android

Android and Java vulnerabilities

  • Input validation
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Buffer overflow possibilities in Android
  • Protection techniques – ASLR, XN, RELRO, …
  • Improper use of security features
  • Improper error and exception handling
  • Code quality problems

Testing Android code

  • Testing Android code
  • Android Lint
  • Android Lint – Security features
  • Lint exercise
  • PMD
  • PMD exercise

Knowledge sources

  • Secure coding sources – a starter kit
  • Vulnerability databases