Mobile Application Security Course

You will learn about the main security risks that exist today. In addition, you will learn techniques for the detection, validation, and mitigation of potential risks of applications, which will allow you to develop secure applications with GeneXus.
Classroom Training
Live online
Objective
The objective of this course is to raise awareness among those involved in developing software solutions with GeneXus, and to train them, on the importance of security and on techniques for the detection, validation, and mitigation of potential risks in mobile applications, especially those generated for Android.

It is aimed mainly at GeneXus users, from analysts, developers, and testers to project managers, who want to learn more about the features that currently make an Android application safe in its context of use.

OWASP ASVS Mobile (OWASP Mobile Application Security Verification Standard) [1] is used as a reference and course guide.  

Duration
The total duration of the course is 16 hours, divided into 2 sessions of 8 hours, taught in person, to a maximum of 14 people. 

Instructor
The course instructor will be one of the following professionals:
 
Gerardo Canedo, Engineer
IT Security and GeneXus Software Architecture Specialist.
Member of OWASP Uruguay chapter.
https://www.linkedin.com/in/gcanedo
Martín Marsicano, Engineer
GeneXus Software Architecture Consultant.
https://www.linkedin.com/in/martinmarsicano

Requirements
Participants must bring their own computers (notebook or desktop), which must be able to connect, over a wired or wireless network, to the testing environment that will be deployed. Access is through remote desktop.

Methodology
The course combines theory, detailing the basic concepts required to address security issues, with a practical component that takes up most of the time.
 
For each of the OWASP ASVS Mobile issues, the following topics are addressed:
 
  • Explanation of the security requirements, in particular those of the ASVS.
  • Description of what GeneXus does automatically to meet these requirements.
  • Discussion of what the developer must do to implement the requirement (if necessary).
  • Mechanisms for validating the implementation of the security requirement.
  • Practical exercise using GeneXus to detect the problem, exploit it, solve it and verify it.

Scope
The main topics of the course are presented below.

Introduction
Presentation of the instructor, the topics to be covered in the course and the work methodology.

OWASP ASVS Mobile
ASVS Mobile, its objectives and levels

Sample applications and setting up of environments
The applications to be used are presented and the environment is set up for the tests to be carried out later.

GeneXus & ASVS Mobile
The items to be addressed are as follows:
V1 – Architecture, design and threat modelling requirements
V2 – Data storage and privacy requirements
V3 – Cryptography requirements
V4 – Authentication and session management requirements
V5 – Network communication requirements
V6 – Environmental interaction requirements
V7 – Code quality and build setting requirements
V8 – Reverse engineering resilience requirements

Material
The course material will be delivered in digital format to all participants.

The working environment will be provided for the course and will contain the following elements:
  • GeneXus and Knowledge Bases with exercises
  • Application generated based on the Knowledge Base
  • Android emulator
  • Support tools (OWASP ZAP)
The test environment will not be provided to participants; it will be used exclusively for teaching the course.

[1] https://github.com/OWASP/owasp-masvs/releases