Defensive Programming in Java for Android Applications

Course Description

This course explores the security fundamentals of Google’s Android platform, including its overall architecture and security model, the Dalvik virtual machine, Android Runtime, permission model, and inter-process communication (IPC) mechanisms. The course also focuses on the software security risks inherent to this specific platform and provides solutions for designing and developing Android applications that are resilient to a broad range of issues including (but not limited to) information disclosure, insecure storage, injection attacks and authentication/authorization problems. Throughout the course, special emphasis is placed on methods to leverage the Android architecture to follow principles such as defense-in-depth and least privilege in order to effectively mitigate the risks associated with your mobile applications and related assets.

Learning Objectives

After successfully completing this course, the student will be able to:

  • Comprehend the Android mobile platform
  • Describe the risks affecting Android applications
  • Implement secure inter-process communications
  • Describe methods to prevent sensitive information disclosure
  • Describe methods to limit your mobile application’s attack surface
  • Describe methods to prevent eavesdropping and man-in-the-middle attacks
  • Use generic defensive programming to write secure mobile applications


Delivery Format:

  • Traditional Classroom
  • Virtual Classroom

Duration: 8 Hours

Intended Audience:

  • Developers