
Difference between revisions of "OWASP AppSec DC 2012/Training/Building Secure Android Apps"

(Created page with "__NOTOC__ {{:OWASP AppSec DC 2012 Header}} ==Description== '''Course Length: 2 Day''' The course focuses on building secure mobile applications for the Android platform. Stu...")
(category changed to OWASP/Training AppSec_DC_2012)

Revision as of 20:56, 10 November 2014




Course Length: 2 Day

The course focuses on building secure mobile applications for the Android platform. Students will learn about the Android security model and platform security features. They will be introduced to mobile application threat modeling, and learn how to apply the outcomes of threat modeling directly to their design and development processes. The OWASP Mobile Top 10 Risks and Controls will be covered at great length.

After students are taught foundational information, they will learn how to properly use the various Android components and APIs to reduce the number of vulnerabilities within production code. Hands-on labs will use the vulnerable mobile Android applications provided by the OWASP GoatDroid project. Students will learn many techniques for performing source code reviews, penetration testing, and forensic analysis of Android applications. Hands-on exercises represent a large portion of the course. Each concept presented will include examples of insecure and secure code, along with strategies for remediation. By teaching students how to identify and exploit various security flaws, they will gain a greater understanding of how the security controls actually protect their applications.

At the end of this two-day course, attendees should understand how to build secure applications, perform source code reviews, and perform penetration testing for Android applications. They will also understand and be able to demonstrate expertise at applying security controls to applications for addressing many security defects. Each student will ultimately take back with them to their workplace a repeatable and reliable methodology for building and maintaining secure Android applications.

Student Requirements

Laptop Required: Students Need to Bring: None


Audience: Technical Skill Level: Intermediate

Gain greater insight into the security model and features of the Android platform

Learn how to directly apply concepts to real-world applications and scenarios

Understand the resources made available through the OWASP Mobile Security Project and better understand how to incorporate them into their professional environments.


Jack Mannino
