Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Python
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
Mobile App Security (MMAS Exam): iOS Edition
Overview

iOS app development is a valuable skill set for a programmer today. An important part of that skill set is the ability to create apps that protect you, your users, and your users' organizations from attack. In this course, you will learn why it is critical to build security into your iOS apps, how to improve your programming processes to promote security, and how to provide countermeasures for the numerous threats to which an iOS app and its users are exposed.

Course Objectives

In this course, you will develop secure native apps for iOS mobile devices.
You will:

  • Explain why an organization should devote time and resources to app security, including specific rationale for iOS app development.
  • Identify where and how the iOS system architecture is vulnerable to security threats.
  • Apply strategies to promote the security of mobile apps, including specific strategies for iOS.
  • Enable an iOS app to communicate securely with hardware and software on the device.
  • Enable an iOS app to secure data through encryption.
  • Enable an iOS app to store data securely.
  • Enable an iOS app to communicate securely over networks and with web services.
  • Use the UIWebView component securely.
  • Protect credentials in storage and in transit.
  • Harden an iOS app against attack to levels appropriate for the risk model.
Prerequisites

To ensure your success in this course, you should have experience developing native apps in iOS using Xcode and the Objective-C programming language. A general understanding of information technology security is also helpful, but not required. We offer various courses on information technology security, including CompTIA® Security+.

Target Student

Students taking this course are software developers who are experienced with mobile app development in iOS and want to improve the security of apps they develop. Student have experience developing iOS apps, and are familiar with the iOS SDK, development tools, and processes.

Hardware Requirements

For this course, you will need one computer for each student and one for the instructor. Each computer will need the following minimum hardware configurations:
  • Intel-based Mac running Mac OS X Mountain Lion 10.8.4 or later
  • CD-ROM drive
  • Keyboard and mouse (or other pointing device)
  • 1,024 × 768 resolution monitor; higher resolution recommended, if possible
  • Network cards and cabling for local network access
  • Internet access (contact your local network administrator)
  • Projection system to display the instructor's computer screen
Software Requirements

To prepare a student or instructor system for the class, install the following software according to the instructions provided. You will need the following software for each student and instructor computer:
  • Xcode 5 with the iOS7 SDK, from developer.apple.com
  • iGoat 2.0, provided with the course data files
Course duration

3 Days

Course outline

Lesson 1: The Rationale for IOS App Security
  • Topic A: Identify the Need for Security
  • Topic B: Identify Security Requirements and Expectations
  • Topic C: Include Security in Your Development Processes
  • Topic D: Identify Your Approach to Risk Management
Lesson 2: The iOS Security Architecture
  • Topic A: Strengths and Weaknesses of the iOS Security Architecture
  • Topic B: iOS App Construction
  • Topic C: iOS Vulnerabilities
Lesson 3: Employing Secure Mobile App Development Strategies
  • Topic A: Follow App Security Best Practices
  • Topic B: Protect Against Threats
  • Topic C: Software Development Life Cycle (SDLC)
  • Topic D: Design for Security
  • Topic E: Conduct Security Testing and Analysis
  • Topic F: Write Secure Objective-C Code
Lesson 4: Accessing Local Processes and Devices Securely
  • Topic A: Select Countermeasures for Local Threats
  • Topic B: Implement Secure Access of Local Processes and Hardware
Lesson 5: Securing Data Through Encryption
  • Topic A: Select Countermeasures for Threats to Cleartext Data
  • Topic B: Implement Encryption
Lesson 6: Accessing Local Storage Securely
  • Topic A: Identify Countermeasures for Local Storage Threats
  • Topic B: Implement Secure Access of Local Storage
Lesson 7: Communicating with Networks and Web Services Securely
  • Topic A: Identify Networking Threats
  • Topic B: Identify Countermeasures for Networking Threats
  • Topic C: Implement Secure Network Communication
Lesson 8: Using the UIWebView Component Securely
  • Topic A: Identify Countermeasures for UIWebView Component Threats
  • Topic B: Implement UIWebView Security
Lesson 9: Protecting Credentials in Storage and Transit
  • Topic A: Identify Countermeasures for Threats to Credentials
  • Topic B: Implement Secure User Authentication
  • Topic C: Implement Keychain
Lesson 10: Hardening Apps Against Attack
  • Topic A: Identify Countermeasures for Reverse Engineering Threats
  • Topic B: Harden an App
Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved