Course

 
 

The course is built in a 3-day format, with different options for different interests. The first day is cross-platform, while days 2 and 3 are focused on iOS and Android topics, respectively.                   


What follows is a brief description of the course agenda. For a more detailed course outline and agenda, please contact us via email.


Day one

This first day is intended to provide a good overview of the security problems associated with mobile devices.


Topics covered:

  1. A cross-platform look at the problem space, with live demonstrations of common weaknesses and how to attack them--and plenty of time for questions and discussions.

  2. Primer on identity management and cloud computing for mobile applications

  3. Using threat modeling to find (and remove) architectural weaknesses

  4. How to best perform code reviews


(Day one is applicable to software developers as well as IT security practitioners who want to better understand the security issues associated with mobile applications.)


Day two - iOS

Day two is iOS day. Platform-specific issues are discussed, along with remediations, and how to implement them. Where applicable, code examples are provided and discussed at length. Coding labs are also used to help the student internalize the topics discussed.


Topics covered:

  1. Common platform weaknesses (using OWASP’s iGoat)

  2. Analyzing an off-the-shelf app (and learning from its problems)

  3. Platform and application architecture

  4. Coding lab on building application security controls into your application

  5. Setting up a test rig and testing the security of mobile applications


Day three - Android

Day three is Android day. The flow is generally similar to the iOS day above, but with Android-specific tools and techniques being covered.


NOTE: Days two and three are intended for hands-on mobile app developers. Students are required to bring their own laptops, with the appropriate SDK(s) installed and functioning. Additional software tools will be provided.



Prior testimonials


"Ken van Wyk runs an up-to-date comprehensive course that I would highly recommend to anyone in this area.
He presents with years of experience and stories, in a friendly, down-to-earth fashion, adjusting his presentation style to the audience. In the course, he presents a balanced approach and explains the cost-benefits of mitigation controls. He never gets carried away and reminds us of the real goal, which is to serve business. He doesn't try to push any particular vendor, technology or system. Nor does he try to sell you any of his books but he will be glad to sign them if you do.
I learnt a lot and really enjoyed the course. Thanks Ken"


Attendee, KRvW WebAppSec Training



"The knowledge and transfer was a great baseline and with the additional resources Gunnar made available, made this one of the best one day classes I've taken."

- IT Security Lead, Fortune 10 enterprise



"We have attendees fill our rather extensive surveys on each class they take at our Software Security Summits. Kenneth R. van Wyk is one of our highest rated speakers and we have invited him back to speak at several of our events (each one, in fact)."


Ted Bahr
Conference Director

Software Security Summit


"Everything I know about Web Services security I learned in this class."

- Bill W., Developer



"Given Ken's wealth of experience, he speaks with authority. But what I find even more remarkable, is his great integrity and empathy resulting in classes that never fail to engage."

Johan Peeters
Programme Director, SecAppDev (http://www.secappdev.org)

Principal, Johan Peeters bvba (http://www.johanpeeters.com)



"The tutorial was very interesting and displayed effectively the different points of view between developers, project managers and other interested parties. The example exercises really pushed home the ideas of catching things early and what common mistakes can be made."
(Anonymous)

Attendee of AusCERT, 2006


Need a more specific course outline/description? Please contact us for details.


All content Copyright 2012-13, KRvW Associates, LLC and Arctec Group, LLC

 
