Mobile phones are becoming an increasingly important tool as we interface with the world around us. The mobile applications we build are central to how our users live, communicate, work, and interact with those around them.
The personal nature of mobile applications makes securing them paramount. When developing for mobile, the considerations are very different from other environments, like the web. Even if the underlying systems are accessible in web and mobile forms, the way we develop the mobile apps, the data they access, and our users’ expectations are very different.
This course covers the why, what, and how of mobile application security. We’ll highlight how security must be considered by the entire development team, from decision-makers and managers to developers. You’ll gain a solid foundation to assist you in improving the security posture of your mobile applications and complying with relevant security requirements.
- Understand why mobile application security is essential.
- Analyze and plan the necessary jobs, and identify the resources required to secure mobile applications.
- Learn how to apply appropriate security controls to secure mobile applications, including steps to uplift your security maturity.
Module 1: Importance of mobile application security
- Understand why the mobile application context is different from web application security.
- Understand the roles and responsibilities to consider within a development team building secure mobile applications.
- Understand where to start by using threat modeling for prioritization.
Module 2: Jobs to be done & resourcing
- Understand the security obligations and requirements for mobile applications.
- Understand the people, processes, and technology involved in getting mobile security started.
- Plan and execute the security jobs to be done by the development team.
Module 3: Execution Playbook
- Understand the essential security practices to comply with App Store requirements.
- Learn how to apply the appropriate technical controls.
- Utilize the OWASP MASVS as a technical control-focused guide.