Though most organizations have made rapid strides in securing their networks, many are still vulnerable to problems from the misuse of mobile applications. As more employees are using their own devices for work, the potential for compromising security is increasing. There’s a shortage of developers with mobile app security skills. Organizations need to bring staff up to speed quickly in this vital function.
Following is a curriculum for training for mobile app security in an Android environment for employees who are experienced with mobile app development but need additional training on developing secure apps that are hardened against attack. With this curriculum, the training can be covered in a three-day period.
Lesson 1: The Rationale for Android App Security
This introductory lesson teaches learners the need for security; how to identify security requirements and expectations; how to include security in development processes; and how to identify a particular approach to risk management.
Lesson 2: Android Security Architecture
Topics cover the strengths and weaknesses of the Android security architecture; the Android permissions model; and Android vulnerabilities.
Lesson 3: Employing Secure Mobile App Development Strategies
This lesson’s topics include best practices in security, designing for security, and writing secure Java code.
Lesson 4: Accessing Local Processes and Devices Securely
Training participants are taught how to select countermeasures for local threats and how to implement the secure access of local processes and hardware.
Lesson 5: Securing Data through Encryption
This lesson teaches learners how to select countermeasures for threats to Cleartext data and the implementation of encryption.
Lesson 6: Accessing Local Storage Securely
Learners are taught to identify countermeasures for local storage threats and to implement secure access of local storage.
Lesson 7: Communicating with Networks and Web Services Securely
Topics cover identifying countermeasures for networking threats and implementing secure network communication.
Lesson 8: Using WebView Component Securely
This lesson teaches learners how to identify countermeasures for WebView component threats and how to implement WebView security.
Lesson 9: Protecting Credentials in Storage and Transit
Training participants learn to identify countermeasures for threats to credentials and to implement secure user authentication.
Lesson 10: Hardening Apps against Attack
Topics include identifying countermeasures for reverse-engineering threats and hardening an app.
Though training departments must provide employees with increased skills in many different areas so they can remain competitive, it’s essential that training to protect the integrity of their information systems be made one of their highest priorities.
As with all virtual instructor-led training programs, training for mobile app security should be conducted by trainers who have been taught to deliver virtual training.
Bill Rosenthal is CEO of Logical Operations, Inc . Founded in 1982, his company helps organizations and individuals maximize the productivity of training with an adaptable expert-facilitated learning experience that provides next-generation multi-platform learning curricula. Its more than 4,600 titles are designed for any learning environment.