Secure software development for Android and iOS technology stacks training course

The training course provides broad knowledge of secure development best practices in general and of best practices for the iOS and Android platforms in particular. The participants will learn how to identify and examine security bugs on both platforms and how to avoid them. They will acquire the skills needed to tackle the most difficult problems, including enhancing application security, detecting and mitigating security bugs, and implementing and/or improving a secure development process.


Our training course "Secure software development for Android and iOS technology stacks" includes practical exercises that allow the participants to apply the acquired knowledge immediately. The training is adapted for an audience with various levels of initial knowledge. The experience gained in the training will increase the maturity of the secure development process and improve the quality of product development from a security standpoint.

The target audience of this course is:
  • software architects
  • software developers
  • software testers.
The course duration is 2 days.

The course syllabus below can be adapted to the needs of your company or organisation.

Please send us the requirements and questions that are critical for you. We will update the training program accordingly.

Course syllabus

  1. General topics
    • Rooting danger (iOS and Android)
    • Obfuscation
    • Social engineering
    • Privacy
    • Unofficial markets
  2. Classic memory corruption and cryptography vulnerabilities
    • Architecture of PC and mobile devices. x86, x64 and ARM
    • Buffer overflow
    • Format string attacks
    • Integer overflows
    • Heap overflow
    • Return oriented programming
    • Defenses: stack canaries, DEP, ASLR
    • Unsafe deserialization CVE-2008-5353
    • Unsafe reflection CVE-204-2331
    • Unsafe inner classes
    • Thread safety and race conditions
    • Insecure cryptography
    • Password security
    • Certificate pinning
    • Improper error handling
    • Insecure components
    • Metadata leak
    • Backup files
  3. Android specifics
    • Android security architecture
    • SELinux
    • Android permissions
    • Unix security (process, user, filesystem)
    • Dalvik
    • ART
    • Dex file format
    • SQL injection for content providers
    • Activity hijacking
    • Broadcast Theft
    • Insecure pending intents
    • DoS null check
    • Intent injection
    • Log injection
    • Weak randomness generators
    • OWASP TOP10 mobile risks for Android
  4. iOS specifics
    • iOS security architecture
    • iOS Secure Coding guide
    • iOS sandbox
    • iOS permissions
    • iOS DRM
    • UIWebView risks
    • Mach file format
    • Keyboard caching
    • Insecure URL handlers
    • SQL injections
    • Keychain
    • UDID leaks
    • OWASP TOP10 mobile risks for iOS.

For ease of use, you can download the program of the training course "Secure software development for Android and iOS technology stacks" from the link.
