• Online, Self-Paced

Mobile security threats are among the most serious threats to the enterprise, as mobile attacks are often a gateway to a wider attack on connected resources. The Open Web Application Security Project tracks the top 10 security concerns for mobile devices and applications, and this course uses those risks as a basis for discussing mobile security. In this course, you will learn about some best practices for securely handling mobile devices.

Learning Objectives

Mobile Security Overview

  • start the course
  • describe current mobile devices and form factors
  • describe the current state of mobile device security
  • describe mobile security considerations

 

Device Risks

  • describe the process to determine risk in a mobile environment
  • describe sensitive mobile assets
  • describe sensitive usage scenarios for mobile devices
  • describe how mobile data is stored and transported

 

Device and Back-end Threats

  • list the OWASP top 10 mobile risks, and describe how weak server-side controls affect mobile device back-end systems
  • describe how insecure data storage affects mobile device front-end and back-end systems
  • describe how insufficient transport layer protection affects mobile device front-end and back-end systems
  • describe how unintended data leakage affects mobile device front-end and back-end systems
  • describe how poor authorization and authentication affects mobile device front-end and back-end systems
  • describe how broken cryptography affects mobile device front-end and back-end systems
  • describe how client-side injection affects mobile device front-end systems
  • describe how security decisions via untrusted inputs affect mobile device back-end systems
  • describe how improper session handling affects mobile device front-end systems
  • describe how lack of binary protections affects mobile device front-end systems

 

Impact of Exploits

  • describe the potential technical impacts of mobile exploits
  • describe the potential business impacts of mobile exploits

 

Secure Device Requirements

  • describe requirements for secure device data handling
  • describe requirements for secure device authorization and authentication
  • describe requirements for secure device sensors, jailbreaking, and mobile device management systems
  • describe requirements for secure device connectivity and apps
  • describe requirements for users of secure devices

 

Practice: Threats

  • assess threats from OWASP top 10 and their impact on mobile systems

 

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.