Mobile secdev training

timur x edited this page Dec 9, 2017 · 1 revision

Training topics (not in the actual time order):

  • Basic principles and concepts
    • definitions, vulnerability catalogues, risk-driven security, threat modeling, OWASP Top 10, ASVS
  • Security by design
    • separation of duties, trust boundaries, defense in depth, principle of least privilege, minimizing the attack surface, risk-driven mitigation, using tools and frameworks, securing communications
    • Examples
  • Crypto
    • basic concepts, symmetric-key cryptography, stream ciphers, block ciphers, hashing, MAC, random number generation, proper cryptography in practice
  • Main characteristics of a mobile device
    • A warm-up example depicting a real-life penetration test
    • Fundamental differences between Android vs. iOS platform approaches
  • Platform-specific considerations (on both iOS and Android) based on the MASVS:
    • Secure data storage (V2)
    • Cryptography (V3)
    • Authentication and session management (V4)
    • Network communications (V5)
    • Environmental interaction (V6)
    • Code quality requirements (V7)
    • Resilience against reversing attempts (V8)