Oreilly - Android Security Essentials - 9780133829266
by Godfrey Nolan | Publisher: Addison-Wesley Professional | Release Date: January 2013 | ISBN: 9780133829266


3+ Hours of Video Instruction

Android applications make use of advanced hardware and software, as well as local and server data, exposed through the platform to bring innovation and value to consumers. To protect that value, the platform must offer an application environment that ensures the security of users, data, applications, the device, and the network. Securing an open platform requires a robust security architecture and rigorous security programs, as well as developers who are aware of the security issues that may come up.

Android Security Essentials LiveLessons alerts developers to the security issues that can arise when using the Android platform and guides them through solutions. Godfrey Nolan covers best practices for Android security by examining common security scenarios. Each lesson begins by presenting the concept behind the security problem at hand, with snippets of code introduced as the problem is explored. This is then followed by examination of code or demonstration of tools showing you how to implement the concepts presented.

The source code repository for this LiveLesson can be found at https://github.com/godfreynolan/LiveLessons.

Godfrey Nolan is founder and president of RIIS, a mobile development firm in the Detroit metro area. Godfrey has spoken at AnDevCon, JavaOne, ASP-Connections, VSLive, CodeMash, Code PaLOUsa, 1DevDay, and many local Java and .NET user groups on a wide range of topics, including continuous integration, executable requirements and mobile security.

Skill Level
  • All levels

What You Will Learn
  • How to write secure Android apps using the OWASP top 10 as a guideline
  • How to audit your own Android app

Who Should Take This Course
  • Android developers
  • Security professionals
  • Android project managers
  • CIOs

Course Requirements
  • Basic understanding of functionality of Android phones; some Java experience would be helpful but not essential.

Lesson 1: Android Security Basics
This lesson explains the problems with Android from a security perspective. We dive right in and show how to reverse engineer an Android APK to view its source as well as back up an APK's data to see what runtime customer information is exposed. The lesson also introduces the OWASP Mobile top 10 risks from the Open Web Application Security Project, which we cover in detail in each lesson.

Lesson 2: Dealing with Insecure Data
Lesson 2 walks you through where runtime data is stored on the Android device and how to use Android file permissions to securely write data to an SD-card, and also looks at how to write securely to a SQLite database.

Lesson 3: Weak Server Side Controls
This lesson deals with storing and securing data stored on backend web servers or in the cloud. You learn what the implications are of using remote servers for storing application data as well as how to secure the data.

Lesson 4: Insufficient Transport Layer Protection
This lesson builds on what we learned in Lesson 3. You learn how to perform a man-in-the-middle attack to see how insecure data is transmitted and how SSL can secure the traffic.

Lesson 5: Client Side Injection
Many Android apps are not 100% native and contain one or more HTML pages as webviews. Learn how to secure these hybrid apps by understanding how cross-site scripting and SQL injection are used to attack your web server.

Lesson 6: Poor Authorization
This lesson explains what the options are for logging in to an Android app, how they can be compromised, and best practices for user authorization.

Lesson 7: Improper Session Handling
Building on Lesson 6, this lesson explains why mobile sessions are different from web sessions. Learn how to implement mobile sessions securely as well as use OAuth to log in to social media websites.

Lesson 8: Security Decisions via Untrusted Inputs
Learn how the Android framework manages communication between Android apps and how that can be exploited. Understand the principle of minimum Android manifest permissions and what permissions should be avoided.

Lesson 9: Side Channel Data Leakage
Android apps, probably more than other mobile platforms, have a tendency to leak information in log files. In the past, third party libraries from advertising companies have also collected more customer information than they needed. In this lesson, learn how to remove all logging for your production app and how to use proxy servers and decompilers to know exactly what your third party apps are collecting.

Lesson 10: Broken Cryptography
Learn what types of synchronous and asynchronous encryption can be used in Android apps, why it's not a good idea to store the keys in the code or on the device, how to store the key using the NDK, as well as encryption best practices using asynchronous techniques.

Lesson 11: Sensitive Information Disclosure
While Lesson 2 looked at the runtime information that may or may not be exposed, Lesson 11 looks at how developers are exposing information hard coded in the compiled application, such as encryption keys, and how this potentially exposes more customer information.

Lesson 12: Conclusion
In the final lesson we review the OWASP top 10 and use a tool from OWASP called GoatDroid that will help you get a better understanding of how to write more secure Android code.

LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT Certification, Programming, Web Development, Mobile Development, Home & Office Technologies, Business & Management, and more.
View all LiveLessons on InformIT at http://www.informit.com/imprint/series_detail.aspx?ser=2185116
  1. Introduction
    • Introduction to Android Security Essentials LiveLessons 00:03:47
  2. Lesson 1: Android Security Basics
    • Learning objectives 00:00:35
    • 1.1 Understand the OWASP mobile top 10 security risks and why Android can be an insecure platform 00:05:28
    • 1.2 Download and reverse engineer a sample Android APK and use adb to recover backup data 00:08:58
  3. Lesson 2: Dealing with Insecure Data
    • Learning objectives 00:00:45
    • 2.1 Understand the data storage options on the Android platform 00:03:46
    • 2.2 Understand Android permissions and how to gain access to insecure data 00:03:09
    • 2.3 Securely write to an SD-card and a SQLite database 00:14:30
  4. Lesson 3: Weak Server Side Controls
    • Learning objectives 00:00:43
    • 3.1 Understand the OWASP Web Top 10 00:09:25
    • 3.2 Understand the OWASP Cloud Top 10 00:06:41
  5. Lesson 4: Insufficient Transport Layer Protection
    • Learning objectives 00:00:54
    • 4.1 Encrypt sensitive data for transmission 00:09:17
    • 4.2 Use a proxy to perform man-in-the-middle attacks 00:05:15
  6. Lesson 5: Client Side Injection
    • Learning objectives 00:00:36
    • 5.1 Differentiate between native Android, HTML5 apps and hybrid apps 00:07:01
    • 5.2 Understand how hybrid apps can be exploited using XSS and SQL injection and how basic data validation can stop such attacks 00:05:31
  7. Lesson 6: Poor Authorization
    • Learning objectives 00:00:38
    • 6.1 Understand how tokens such as device IDs, time etc. are often used to poorly authenticate the users 00:02:23
    • 6.2 Understand best practices for user authentication and account validation 00:08:11
  8. Lesson 7: Improper Session Handling
    • Learning objectives 00:00:29
    • 7.1 Differentiate between web and mobile session management 00:02:37
    • 7.2 Use social media websites for session management 00:05:07
  9. Lesson 8: Security Decisions via Untrusted Inputs
    • Learning objectives 00:00:28
    • 8.1 Understand Android intents and how they can be abused 00:06:05
    • 8.2 Understand Android permissions and why an app might be asking for more permissions than it needs 00:05:38
  10. Lesson 9: Side Channel Data Leakage
    • Learning objectives 00:00:51
    • 9.1 Understand how third party libraries are used for collecting data in an Android app 00:05:51
    • 9.2 Examine log files as a source of data leakage 00:06:01
  11. Lesson 10: Broken Cryptography
    • Learning objectives 00:00:57
    • 10.1 Understand types of cryptography used in a typical Android app 00:01:58
    • 10.2 Understand why it is usually not a good idea to store a key on the client/device 00:02:38
    • 10.3 Use the NDK or database encryption to hide API or encryption keys 00:09:01
  12. Lesson 11: Sensitive Information Disclosure
    • Learning objectives 00:00:47
    • 11.1 Explain how sensitive information gets stored in an APK 00:07:25
    • 11.2 Understand best practices for storing sensitive information 00:13:24
  13. Lesson 12: Conclusion
    • Learning objectives 00:00:34
    • 12.1 Use third party tools (GoatDroid) to get better at writing secure Android code 00:10:06
    • 12.2 Summarize the tips shown in these lessons 00:04:21
  14. Summary
    • Summary of Android Security Essentials LiveLessons 00:02:27