Tonex Offers Mobile Security Training


Mobile Security Training | Mobile Device Security Training tonex.com/training-courses/mobile-security-training/

Price: $2,199.00 Length: 3 Days

Why should you choose TONEX for your Mobile Security Training?

The Mobile Security Training course will explore enterprise mobile security and teach you the mobile security weaknesses and threats. Learn how attackers can utilize mobile devices to abuse and attack organizations. We show you various mobile security concerns, technical issues with mobile platforms, remediation strategies, security policies, and solutions on a variety of mobile devices, smart devices and platforms including iOS (iPhone and iPad), Android, Blackberry and Windows Phone.

Learn more about:
Application Security and SDLC Fundamentals
Mobile networks and technologies
Mobile threat models
Mobile Device Management (MDM) and BYOD
Secure Java, C# and Objective-C coding
iOS and Android SDK, APIs, and Security Features
Web Service and Network Security
Data Security and Implementing Encryption
Application hardening and reverse engineering

Explore the techniques to protect mobile devices and smartphones, since mobile threats are different. Learn how mobile devices and platforms operate and integrate with IT infrastructure within the enterprise. Understand the role of mobile device security policy and how it can impact mobile security. Learn about mobile security and MDM solutions and how to extend protection beyond mobile devices, apps, and data.

Mobile Security Training Topics Include:
Mobile device overview
Mobile device characteristics
Weaknesses in mobile phones
Overview of mobile networks
GSM, CDMA, UMTS/HSPA/HSPA+, LTE, LTE-Advanced and WiFi
Network and Security features and architecture
High-Level threats and vulnerabilities
Physical security controls
Exploit tools and attacks against mobile devices
Mobile devices and security infrastructures
iOS, Android, Blackberry and Windows Phone environment: emulator/sdk/hardware/
Basic concepts of reverse engineering mobile applications
Exploiting mobile applications
Attacking web applications, and web services
Decompiling and reversing Apps
Fuzzing Android Apps
Web App/Web Service Testing
Working with SQLite Manager
Using (Burp/Charles Proxy)
Device encryption support and threats
Mobile privacy concerns and threats
Guidelines and roadmaps for establishing mobile security policies
Analyzing trusted networks and untrusted content
Use of location services
Use of Applications created by unknown parties
Technologies for Mobile Device Management
Security Components and Architectures
Security for the Enterprise Mobile Device Solution Life Cycle
Restrictions on Mobile Devices and Access Levels
Penetration testing iOS, Android, Blackberry and Windows Phone
Penetrating the mobile applications
Policies on how to secure mobile devices
Jailbreaking tools and techniques

Who Should Attend?

This class is recommended for mobile device manufacturers, application developers, mobile network operators, software companies, special ops, covert ops personnel, FBI, CIA, NSA, DoD offensive security professionals, and other professionals from the Intel community.

Course Content

Mobile Security Infrastructure
Implement Vulnerability Assessment Tools and Techniques
Scan for Vulnerabilities
Mitigation and Deterrent Techniques

Mobile Security Threats and Vulnerabilities
Social Engineering
Physical Threats and Vulnerabilities
Network-Based Threats
Wireless Threats and Vulnerabilities
Software Based Threats

Mobile Security Fundamentals
Information Security Cycle
Information Security Controls
Authentication Methods
Cryptography Fundamentals
Security Policy Fundamentals
Mobile computing trends and threats
Best practices in mobile device management (MDM)

Mobile Device Management (MDM)
Centralizing device administration
Enabling BYOD in the organization
Confronting BYOD challenges
Fortifying device synchronization
Modifying policies to work with each mobile OS
Handling lost or stolen devices
Securing the mobile application in the organization
Open Web Application Security Project (OWASP)
Mobile phone forensics and its implications

Mobile Network Security
Network Devices and Technologies
Concepts behind GSM, 3G, LTE and LTE-Advanced Security
Concepts behind WiFi, Bluetooth and NFC Security
Mobile Security Frameworks
Network Design Elements and Components
Implement Networking Protocols
Access Control, Authentication, and Account Management
Data Security
Apply Network Security Administration Principles
Secure Wireless Traffic

Managing Application, Data and Host Security
Establish Device/Host Security

iOS SDK, APIs, and Security Features
Code signing
Sandbox
Data at rest encryption
Generic native exploit mitigation features
Non executable memory
Stack smashing protection
iOS Data protection API
Various levels of protection, driven by developer
Complete protection
Protected unless open
Protected until first user authentication
No protections
iOS Security Framework
Common Crypto Libraries
Symmetric encryption
HMAC
Digests
Generating secure random numbers
Security and limitations of the keychain
Keychain access groups
Managing certificates and keys

Web Service and Network Security
Clear text transmission of data
Man-in-the-middle attacks
Cellular proxy attack (provisioning profile)
Insufficient validation of certificates / certificate chain
SSL compromise
DNS hijacking
SSL session with validation
Validate originated from a trusted CA
Validate the certificate has not been revoked
Describe how to implement / validate client-side certificates
SSL pinning
Common threats to Web services
Information disclosure
Brute forcing
Fuzzing
SQL injection
Directory traversal
Implementation of session security
Highly random token
Expire on timeout or exit
Store in memory not in data
Avoid static user token
UDID deprecation

Data Security and Implementing Encryption
Key storage and retention
Master keys
Key strength
Cipher Specifications
Forensic trace
Storage of data in protected APIs
Built-in encryption vs. custom encryption
File permissions and using strong passwords for database security
How to hash sensitive data and seed of passwords
Storing more data externally on servers
Not storing data outside of the applications security
Do not store sensitive data, if you can avoid it
Protecting data at rest while the device is locked
Implementation of encryption in iOS
Common cryptor
Logic in applications
Certificate and key exchange
Authentication and authorization
Session management
Decryption as authentication, not after
Data Encryption APIs
PIN vs. complex passphrase
Data protection APIs
Keychain and vulnerabilities
Demonstrate knowledge of Apple’s encrypted file system Journal

Android SDK, APIs and Security Features
System and kernel level security
Application sandbox
Application signing
Purpose
Key management
Permissions
File system
Application-defined URI permissions
Android permission model
Protected APIs
Requesting permissions
Defining permissions
Use of signatures
Protection levels
Summarize the Device Administration API
Purpose and appropriate use
Letting the user control access to sensitive data
Start the contacts activity to let the user select a contact for use by the application rather than require permission to access all contacts
Start the camera application to let the user take a picture for use in the application without requiring camera permissions
Secure inter-process communication in Android
Public and private components
Protecting access to Services
Broadcast receivers
Activities
Content providers
Databases
Securely accessing third-party components with IPC
Types of attacks
Confused deputy
Intent sniffing
Intent hijacking
Data disclosure

Application Hardening Principles
Apple Digital Rights Management
Mach-O object format
Symbol table definitions
Class-dump
Dumping memory
Binary stripping
Process trace checks
Tamper response
Counter-debugging techniques
Code obfuscations
Optimizations
Inline functions
Encrypted payloads

Managing Public Key Infrastructure (PKI)
Install a Certificate Authority (CA) Hierarchy
Back Up a CA
Restore a CA

Managing Certificates
Enroll Certificates
Renew Certificates
Revoke Certificates
Back Up Certificates and Private Keys
Restore Certificates and Private Keys

Compliance and Operational Security
Physical Security
Legal Compliance
Security Awareness and Training

Managing Risk
Risk Analysis
Implement Risk Mitigation Strategies

Workshops
Developing a Mobile Security Strategy
Creating the mobile threat matrix model
Creating a security policy framework
Evaluating vulnerabilities
Creating a mobile security assessment plan
Assessing mobile network and device vulnerabilities

Objectives

Upon Completion of this course, the students will:
Describe fundamental principles of mobile security
Describe concepts behind Mobile Network Security (3G, LTE, WiFi, Bluetooth, NFC, and GPS)
Describe concepts behind MDM and BYOD
Describe fundamental principles of application security
Describe the security model of iOS devices
Describe common threats to mobile application security
Develop moderately complex applications using the iOS SDK
Describe Web services security model and vulnerabilities
Properly implement SSL/TLS for Web communications
Utilize the security features of the iOS operating system and APIs
Properly implement secure coding techniques
Avoid insecure retention of data in memory
Describe common implementations of cryptography such as PKI
Leverage encryption for storage and/or communications
Harden an application against attack to levels appropriate for the risk model of the application
