Objective
The objective of this course is to raise awareness among, and train, those involved in developing software solutions with GeneXus on the importance of security and on techniques for the detection, validation, and mitigation of potential risks in mobile applications, especially those generated for Android.
It is mainly aimed at GeneXus users, from analysts, developers, and testers to project managers, who want to learn more about the features that currently make an Android application secure in its context of use.
OWASP ASVS Mobile (OWASP Mobile Application Security Verification Standard) [1] is used as a reference and course guide.
Duration
The total duration of the course is 16 hours, divided into 2 sessions of 8 hours, taught in person, to a maximum of 14 people.
Instructor
The course instructor will be one of the following professionals:
- Ing. Sebastian Passaro: Software Security Consultant with GeneXus. Member of the OWASP Uruguay chapter and Co-leader of the chapter. https://www.linkedin.com/in/sebastian-passaro
- Nicolás Adrién: Software Security Consultant with GeneXus. www.linkedin.com/in/nicolas-
Requirements
Participants must bring their own computers (notebook or desktop), which must support a wired or wireless connection to the testing environment that will be deployed. Access is through remote desktop.
Methodology
The course combines a theoretical component, which details the basic concepts required to address security issues, with a practical component that takes up most of the time.
For each of the OWASP ASVS Mobile issues, the following topics are addressed:
- Explanation of the security requirements, in particular those of the ASVS.
- Description of what GeneXus does automatically to meet these requirements.
- Discussion of what the developer must do to implement the requirement (if necessary).
- Mechanisms for validating the implementation of the security requirement.
- Practical exercise using GeneXus to detect the problem, exploit it, solve it and verify it.
Scope
The main topics of the course are presented below.
Introduction
Presentation of the instructor, the topics to be covered in the course and the work methodology.
OWASP ASVS Mobile
ASVS Mobile, its objectives and levels
Sample applications and setting up of environments
The applications to be used are presented and the environment is set up for the tests to be carried out later.
GeneXus & ASVS Mobile
The items to be addressed are as follows:
- V1 – Architecture, design and threat modelling requirements
- V2 – Data storage and privacy requirements
- V3 – Cryptography requirements
- V4 – Authentication and session management requirements
- V5 – Network communication requirements
- V6 – Environmental interaction requirements
- V7 – Code quality and build setting requirements
- V8 – Reverse engineering resilience requirements
Material
The course material will be delivered in digital format to all participants.
The working environment will be provided for the course and will contain the following elements:
- GeneXus and Knowledge Bases with exercises
- Application generated based on the Knowledge Base
- Android emulator
- Support tools (OWASP ZAP)
[1] https://github.com/OWASP/owasp-masvs/releases