This course introduces developers to the common risks associated with mobile applications, including client-side injection, sensitive data handling, network transition, application patching, web-based attacks, phishing, third-party code, location security and privacy, and denial of service. The student is then given an overview of the mobile application development best practices that reduce these risks, including input validation, output encoding, least privilege, code signing, data protection at rest and in transit, avoiding client-side validation, and using platform security capabilities as they apply in mobile environments. Included is a discussion of threat modeling mobile applications. With knowledge checks throughout, the student who completes this course will have an understanding of mobile environment threats and risks, and of the programming principles to use to address them.
On successful completion of this course, learners should have the knowledge and skills to:
- Identify common mobile application vulnerabilities
- Use mobile application development best practices
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.