Mobile security threats are among the most serious threats to the enterprise, as mobile attacks are often a gateway to a wider attack on connected resources. The Open Web Application Security Project tracks the top 10 security concerns for mobile devices and applications, and this course uses those risks as a basis for discussing mobile security. In this course, you will learn about some best practices for securely handling mobile devices.
Learning Objectives
Mobile Security Overview
- start the course
- describe current mobile devices and form factors
- describe the current state of mobile device security
- describe mobile security considerations
Device Risks
- describe the process to determine risk in a mobile environment
- describe sensitive mobile assets
- describe sensitive usage scenarios for mobile devices
- describe how mobile data is stored and transported
Device and Back-end Threats
- list the OWASP top 10 mobile risks, and describe how weak server-side controls affect mobile device back-end systems
- describe how insecure data storage affects mobile device front-end and back-end systems
- describe how insufficient transport layer protection affects mobile device front-end and back-end systems
- describe how unintended data leakage affects mobile device front-end and back-end systems
- describe how poor authorization and authentication affects mobile device front-end and back-end systems
- describe how broken cryptography affects mobile device front-end and back-end systems
- describe how client-side injection affects mobile device front-end systems
- describe how security decisions via untrusted inputs affect mobile device back-end systems
- describe how improper session handling affects mobile device front-end systems
- describe how lack of binary protections affects mobile device front-end systems
Impact of Exploits
- describe the potential technical impacts of mobile exploits
- describe the potential business impacts of mobile exploits
Secure Device Requirements
- describe requirements for secure device data handling
- describe requirements for secure device authorization and authentication
- describe requirements for secure device sensors, jailbreaking, and mobile device management systems
- describe requirements for secure device connectivity and apps
- describe requirements for users of secure devices
Practice: Threats
- assess threats from the OWASP top 10 and their impact on mobile systems