Android Secure Coding
Android Secure Coding
تهدف الدورة الى توعية المطورين الى المخاطر التي يمكن ان تصيب التطبيقات وكيف يمكن تجنب هذه المخاطر وجعل التطبيقات أكثر أماناً، وسيتم التطرق الى العديد من المواضيع بدءاً من بنية الاندرويد ومعماريتها، والمخاطر في التطبيقات التي يكتبها المطور وكيف يتم تجنبها، والصلاحيات في أنظمة 6 وكيف يمكن طلبها بشكل صحيحة بالإضافة الى المرور بكفية التعامل الآمن مع الخدمات والويب، وكيف يمكن عمل تشويش وتمويه في الكود، بالإضافة الى طرق عمل Reverse Engineering للكود وتتبع الطلبات التي يقوم بها التطبيق، وغيرها الكثير من المواضيع المتعلقة.
• Introduction to Android Security
o Software security terms
o Threats, vulnerabilities, and risks
o Mobile application security
o Android Application Architecture
o Android Security Architecture
o Permissions (cover v6)
o Inter-application communication
• Apps Vulnerabilities & Security
o Securing Your Application from Attacks
o OWASP top 10 vulnerabilities for mobiles
o Malware and Spyware
o Input validation
o Handling users' data and credentials
o Inter-application communication
• Secure Data Storage and Networking
o Public Key Infrastructure
o Cryptography in Mobile Applications
o Data Storage in Android
o Password management
o HTTPS
o SSL and TSL
o Server and client certificates
o Android Studio & Singing
• Talking to Web Apps & Services
o Multifactor authentication
o Login implementations
o Account Manager
o OAuth
o Securing Android for the Enterprise Environment
• Playing with SQLite
o Understanding SQLite in depth
o SQL Injection
• Mobile Web Security
o Cross-Site Scripting
o Cross-Site Request Forgery
o Android Web View vulnerability
o Phishing
• Android Secure Coding Guideline
o Java Language Secure Coding principles
o Creating/Using Activities
o Receiving/Sending Broadcasts
o Creating/Using Content Provider
o Creating/Using Services
o Handling Files
o Using Browsable Intent
o Outputting Log to Log Cat
o Risk of Information Leakage from Clipboard
• Reverse Engineering Android Applications
o Reverse Engineering Methodology for Android Applications
o DEX File Format
o Defensive Strategies
• Pen Testing Android
o Penetration Testing Methodology
o Tools for Penetration Testing Android
o Writing the Pentest Report
• Traffic Analysis for Android Devices
o Android traffic interception
o HTTPS Proxy interception
o Extracting sensitive files with packet capture
o Android Forensics & Tools
| Timing | Location | Price | Student Price | Online Price | Trainer | Registeration Status | Feedback |
|---|---|---|---|---|---|---|---|
| الأحد 5/3/2017 صباحاً | 3300.00 | 999.00 | 495.00 | Wajdy Essam Ahmed | Registeration is closed | Feedback is closed | |
| الأحد 12/3/2017 مساءً | 3300.00 | 999.00 | 495.00 | Wajdy Essam Ahmed | Registeration is closed | Feedback is closed |
| Speaker Language | Arabic |
|---|---|
| Content Language | Both English & Arabic |
| Target Users | •مطورين الاندرويد •المهتمين بحماية تطبيقات الأندرويد |
| Duration | 5 Days |
•معرفة بأساسيات البرمجة بالجافا أو الاندرويد
Wajdy Essam is a systems architect with over 8 years of industry experience in a wide variety of domains including internet security, microservices, web and mobile applications. His working interests range from web application & APIs security, malware analysis to cryptography.
Wajdy Essam is a systems architect with over 8 years of industry experience in a wide variety of domains including internet security, microservices, web and mobile applications. His working interests range from web application & APIs security, malware analysis to cryptography.