Intelligent Protection

Build reliable mobile apps

You’d never secure your valuables in a cardboard vault. Why settle for less than the best in your app security?
Treating security as an afterthought in the mobile app development process leaves your app vulnerable to attack. Like flimsy cardboard, hasty security measures won’t hold up against determined attackers. It’s essential to incorporate security into every stage of development to protect your app and its users.
This course will equip you with an understanding of the ideal security model on iOS and Android platforms, the best practices in development, and common pitfalls to avoid. 

Course Prerequisites

This course is designed for mobile developers who have experience developing mobile apps. Beginners are encouraged to cover the fundamentals of mobile app development before attempting this course.

What You’ll Learn

  • The overall security model of the mobile platform at OS and app level
  • Beyond source code: securing directories
  • Network security and Transport Layer Security (TLS)
  • How to securely implement
    • Authentication and authorization
    • Biometric authentication
    • Multi-Factor Authentication (MFA)
  • Security considerations in Inter-Process Communication (IPC)
  • Protection against sensitive data leakage
  • Preventing and mitigating client-side injection attacks
  • Security in WebView and web apps
  • Cryptography and security

Why Ebryx?

Ebryx has a team of mobile developers with more than a decade of experience building mobile applications for various platforms. Due to our organization-wide focus on security, every mobile developer at Ebryx strives to create mobile apps with no vulnerabilities.
Your course instructors aren’t simply teachers; they’re full-time developers who speak the same language as you do. During this course, you will get to tackle complex and engaging problems. This hands-on approach ensures that you retain our teaching after the training concludes.
Our instruction doesn’t stop at teaching. We also help you adopt industry best practices in your company and support you in all stages of the software development lifecycle, from design to implementation to deployment and beyond. 

Course Outline

Introduction

  • No Platform is Immune
  • Secure Coding
  • Native or Non-Native
    • Native Apps
    • Web Apps
    • Hybrid Apps
  • Copying code; Pasting Vulnerability
Mobile Security model (iOS, Android) 
  • Secure Boot
  • Code Signing
  • Application Sandbox
  • Extensions
  • Secure Enclave
  • Data Protection
  • Keychain
  • Keychain API
  • Data Protection API
  • Jailbreaking and Rooting
  • App Store and Play Store Review
iOS App Anatomy
  • PLIST Files
  • Device Directories
Network Security
  • The URL Loading System
  • Using Transport Layer Security Correctly
  • Using Credential Persistence
  • Modifying Redirect Behavior
  • TLS Certificate Pinning
  • The wrong way to do HTTP auth
  • Determine whether a URL should be Pinned
  • Lower-Level Networking with NSStream
  • Even Lower-level Networking with CFStream
Inter-process Communication (IPC)
  • URL Schemes and the openURL method
  • Validating URLs and Authenticating the Sender
  • Universal Links
  • Sharing with UIActi
  • Application Extensions
  • Preventing Apps from Interacting with Extensions
Web Apps
  • Working with UIWebView
  • WKWebViews
  • Security Benefits of WKWebViews
  • A Safe and Somewhat Hardened WKWebView
Data Leakage
  • NSLog and Apple System Log (ASL)
  • Disable NSLog in Release Builds
  • Sensitive Data Leaks Through Pasteboards
  • HTTP Cache Leaks
  • Cache Management
  • Key-logging and the Autocorrection Database
  • Misusing User Preferences
  • Dealing with Snapshots
Client-Side Injection Attacks
  • Client-Side Cross-Site Scripting
  • Input Sanitization
  • Blacklisting Bad Input
  • Whitelisting Allowable Input
  • Output Encoding
  • SQL Injection
  • Predicate Injection
Encrypting and Security
Using the keychain and keystore
Mobile Privacy Concerns
Mobile Security Tools & Testing

Pricing

For inquiries about training costs, please get in touch with us at [email protected]

Register now to become a member of our latest cohort

Our Services.

Cloud Monitoring Services

The Ebryx Cloud Monitoring Service is specifically tailored for organizations with a significant cloud footprint and a need to incorporate off-premise assets within a consistent security framework. Our security experts have developed mature analysis playbooks for all the major public cloud providers, such as AWS, Azure and GCP. Our team monitors applications (ELB, CDN, WAF) and infrastructure logs (Cloudtrail, Azure Activity, StackDriver) ensuring all cloud native data sources are catered for and integrated with our platform. (…)    
