Mobile App Security (MMAS Exam): Android Edition
Overview

Android™ app development is a valuable skill set for a programmer today. An important part of that skill set is the ability to create apps that protect you, your users, and your users' organizations from attack. In this course, you will learn why it is critical to build security into your Android apps, how to improve your programming processes to promote security, and how to provide countermeasures for the numerous threats to which an Android app and its users are exposed.

Course Objectives

In this course, you will harden native Android mobile apps against attack, and ensure secure network communications and backend web services.
You will:

  • Explain why an organization should devote time and resources to app security, including a specific rationale for Android app development.
  • Identify where and how the Android system architecture is vulnerable to security threats.
  • Employ strategies to promote the security of mobile apps, including specific strategies for Android.
  • Enable an Android app to communicate securely with hardware and software on the device.
  • Enable an Android app to secure data through encryption.
  • Enable an Android app to store data securely.
  • Enable an Android app to communicate securely over networks and with web services.
  • Use the WebView component securely.
  • Protect credentials in storage and in transit.
  • Harden an Android app against attack to levels appropriate for the risk model.
Prerequisites

To ensure your success, you should have experience developing Android apps in Java using Eclipse and the Android SDK. To meet this prerequisite, you can take the course Developing Android™ Mobile Apps for Business. A general understanding of information technology security is also helpful, but not required. We offer various courses on information technology security, including CompTIA® Security+.

Target Student

This course is intended for a programmer or web developer who is experienced with mobile app development in Android and wants to learn how to develop secure apps that are hardened against attack to levels that are appropriate for the risk model of the app. The student has experience developing Android apps and is familiar with the Android SDK, development tools, and processes.

Hardware Requirements

For this course, you will need one computer for each student and one for the instructor. Although Android can potentially be developed on Pentium™ PCs with 32-bit Windows® and 1 GB or less RAM, running emulators requires more memory and processing power. To minimize waiting in the class, it is highly recommended that you provide capable workstations with fast CPUs and as much memory as possible. We have tested various configurations, and have found that the amount of RAM present on your classroom PCs will have a significant impact on the success of the course.
We recommend that you teach this course by using PCs that meet the following minimum hardware configurations:
  • 1 GHz or faster 64-bit (x64) processor
  • 6 gigabytes (GB) RAM
  • 50 GB available hard disk space
  • Keyboard and mouse (or other pointing device)
  • 1,280 × 1,024 or higher resolution monitor
  • Network cards and cabling for local network access
  • Internet access (contact your local network administrator)
  • Projection system to display the instructor's computer screen
Android Devices

No Android devices are required to teach this course. To enable you to equip a classroom inexpensively and with minimal effort, this course has been designed around the use of emulated (rather than real) Android devices, focusing on an emulated Android Level 17 tablet (with Google APIs installed). Activities in this course have been scripted to assume that this Android version and device format will be present in the classroom.
You can teach this course by using real devices if you have an Android 17 tablet available for each student. However, if you choose to use real devices, you should key through the course completely before you teach the class to ensure that you will be able to deal with any discrepancies that arise from differences between the configuration of the real devices and the emulated devices.
Even if you do not have enough real devices to equip the classroom, you might consider providing opportunities for students to experiment with those that you have on hand. Students might find it beneficial to learn to work with real devices as an activity above and beyond those provided in the student manual. Practice labs provide a good opportunity for students to do such experimentation.

Software Requirements

Android development tools are updated frequently, and the installation process can take considerable time. Although much care was taken in writing this course to account for possible future differences in the development environment, such variations are impossible to predict. If you can, consider installing the Android development environment on one system, saving an image of that system to transfer onto the other classroom computers, and using this same system image each time you teach the course.
To prepare a student or instructor system for the class, install the following software according to the instructions provided. You will need the following software for each student and instructor computer:
  • Windows 7 or 8 Professional.
  • Java® SE Development Kit. This course was developed on Java Platform (JDK) 7u25, Windows x86 (32-bit) version. Later versions of Java should work acceptably, but if you use a different version, you should key through the course activities to ensure that the Android development environment functions correctly before you teach the course. At the time the course was written, this software was available for download from www.oracle.com/technetwork/java/javase/downloads.
  • Eclipse Juno SR1 or later and Android SDK version 22 or later. This course was developed on the combined ADT Bundle for Windows of Android Developer Tools Build: v22.0.5-757759, which is provided with the course data files. To ensure that screen shots and activities in the student manual will match what students see, we recommend that you use the same version to set up your course. The installer is available from us as part of the course data file set.
Course duration

3 Days

Course outline

Lesson 1: The Rationale for Android App Security
  • Topic A: Identify the Need for Security
  • Topic B: Identify Security Requirements and Expectations
  • Topic C: Include Security in Your Development Processes
  • Topic D: Identify Your Approach to Risk Management
Lesson 2: The Android Security Architecture
  • Topic A: Strengths and Weaknesses of the Android Security Architecture
  • Topic B: The Android Permissions Model
  • Topic C: Android Vulnerabilities
Lesson 3: Employing Secure Mobile App Development Strategies
  • Topic A: Follow App Security Best Practices
  • Topic B: Design for Security
  • Topic C: Write Secure Java Code
Lesson 4: Accessing Local Processes and Devices Securely
  • Topic A: Select Countermeasures for Local Threats
  • Topic B: Implement Secure Access of Local Processes and Hardware
Lesson 5: Securing Data Through Encryption
  • Topic A: Select Countermeasures for Threats to Cleartext Data
  • Topic B: Implement Encryption
Lesson 6: Accessing Local Storage Securely
  • Topic A: Identify Countermeasures for Local Storage Threats
  • Topic B: Implement Secure Access of Local Storage
Lesson 7: Communicating with Networks and Web Services Securely
  • Topic A: Identify Countermeasures for Networking Threats
  • Topic B: Implement Secure Network Communication
Lesson 8: Using the WebView Component Securely
  • Topic A: Identify Countermeasures for WebView Component Threats
  • Topic B: Implement WebView Security
Lesson 9: Protecting Credentials in Storage and Transit
  • Topic A: Identify Countermeasures for Threats to Credentials
  • Topic B: Implement Secure User Authentication
Lesson 10: Hardening Apps Against Attack
  • Topic A: Identify Countermeasures for Reverse Engineering Threats
  • Topic B: Harden an App
Appendix A: Categories of Permissions

    Please contact your training representative for more details on having this course delivered onsite or online
