Mobile Application Security Course

You will learn about the main security risks that exist today. In addition, you will learn techniques for the detection, validation, and mitigation of potential risks of applications, which will allow you to develop secure applications with GeneXus.
Live online
Español   |   English   |  Português
The objective of this course is to create awareness among and train those involved in the development of software solutions with GeneXus about the importance of security and techniques for the detection, validation, and mitigation of potential risks in mobile applications, especially those generated for Android.

It is mainly focused on GeneXus users, from analysts, developers, and testers to project managers, who want to learn more about the features that currently make an ANDROID application safe in its context of use.

OWASP ASVS Mobile (OWASP Mobile Application Security Verification Standard) [1] is used as a reference and course guide.  

The total duration of the course is 16 hours, divided into 2 sessions of 8 hours, taught in person, to a maximum of 14 people. 

The course instructor will be one of the following professionals:
Ing. Sebastian Passaro
Software Security Consultant with GeneXus.
Member of the OWASP Uruguay chapter and Co-leader of the chapter.
Nicolás Adrién
Software Security Consultant with GeneXus.

Participants must bring their own computers (notebook or desktop), which must include the possibility of wire or wireless connection to the testing environment that will be deployed. Access is through remote desktop.

The course has a theory approach, detailing the basic concepts required to address security issues and a practical component that extends over most of the time.
For each of the OWASP ASVS Mobile issues, the following topics are addressed:
  • Explanation of safety requirements, in particular of the ASVS.
  • Description of what GeneXus does automatically to meet these requirements.
  • Discussion of what the developer must do to implement the requirement (if necessary).
  • Mechanisms for validating the implementation of the safety requirement.
  • Practical exercise using GeneXus to detect the problem, exploit it, solve it and verify it.

The main topics of the course are presented below.

Presentation of the instructor, the topics to be covered in the course and the work methodology.

ASVS Mobile, its objectives and levels

Sample applications and setting up of environments
The applications to be used are presented and the environment is set up for the tests to be carried out later.

GeneXus & ASVS Mobile
The items to be addressed are as follows:
V1 – Architecture, design and threat modelling requirements
V2 – Data storage and privacy requirements
V3 – Cryptography requirements
V4 – Authentication and session management requirements
V5 – Network communication requirements
V6 – Environmental interaction requirements
V7 – Code quality and build setting requirements
V8 – Reverse engineering resilience requirements

The course material will be delivered in digital format to all participants.

The working environment will be provided for the course and will contain the following elements:
  • GeneXus and Knowledge Bases with exercises
  • Application generated based on the Knowledge Base
  • Android emulator
  • Support tools (OWASP ZAP)
The test environment will not be provided to participants, but will be used exclusively for the purpose of teaching the course.


It may interest you:

Web Application Security Course