Training: Develop and Hack Android Apps Securely

Whether native, built with cross-platform frameworks, or based on web views: Android apps come in many forms, and in each of them a lot can go wrong from a security perspective. Security vulnerabilities in Android apps can pose a threat to users, their data, and their smartphones, and in some cases even to the servers, applications, and services that the apps are designed to use. Resourceful attackers can sometimes tap into sensitive private and personal data protected by the GDPR, creating legal and financial risks, not to mention reputational risks. Users may be able to obtain services for free. Hackers can attack the servers that provide the API for Android apps. Some vulnerabilities can be exploited by other apps installed on the same device as the vulnerable app, and others even via the browser or the Internet.
These risks are just a small sample of what can go wrong from a security perspective in Android apps. For this reason, we offer practical training for Android developers on how to prevent the most common and important vulnerabilities in their own Android apps. This enables them to protect themselves, the users of their apps and those users' smartphones and data, as well as their employer, by averting legal risks and risks to the employer's systems. The training covers the problems described from a theoretical point of view, examines many vulnerabilities in practice, and has participants exploit ('hack') some of them themselves.

What do attendees learn in the training?

This training introduces participants to the most common security pitfalls and security issues in setting up and operating cloud environments in AWS. The interaction of various, often interconnected, AWS services is reviewed for security risks, best practices are discussed, and risks are identified. Participants learn which AWS services are particularly sensitive, how to detect attacks on their own cloud infrastructure, and how infrastructure, applications, and cloud services are interconnected. Multi-step attack chains that span these layers are also discussed.

What are the contents?

  • Presentation of key security-critical AWS services and associated risks
  • Best practices concerning secure IAM
  • Best practices in regard to secure handling of credentials, tokens and keys
  • General security best practices in AWS
  • Secure segmentation of cloud resources
  • Dealing with autonomous teams and their impact on overall security
  • Security logging, monitoring, and alerting in AWS
  • Security policies, roles, and permissions
  • Interaction of infrastructure, applications, and cloud services, and the security risks arising from it


What is the target audience (prior knowledge etc.)?

Cloud engineers, cloud architects, DevOps personnel, and other technical staff and leaders who have prior experience using AWS. Participants must bring their own laptops with current versions of awscli and terraform installed.

How long does the training take?

Duration: 3 days
