Android Security Essentials LiveLessons (Video Training), Downloadable

Downloadable Video

  • Your Price: $119.99
  • List Price: $149.99
  • About this video
  • Accessible from your Account page after purchase. Requires the free QuickTime Player software.

    Videos can be viewed on: Windows 8, Windows XP, Vista, 7, and all versions of Macintosh OS X including the iPad, and other platforms that support the industry standard h.264 video codec.

Lesson 1

Lesson 1: Android Security Basics, Downloadable Version

This lesson explains the problems with Android from a security perspective. We dive right in and show how to reverse engineer an Android APK to view its source as well as back up an APK’s data to see what runtime customer information is exposed. The lesson also introduces the OWASP Mobile top 10 risks from the Open Web Application Security Project, which we cover in detail in each lesson.

Duration: 00:16:12  File Size: 63 MB

Lesson 2

Lesson 2: Dealing with Insecure Data, Downloadable Version

Lesson 2 walks you through where runtime data is stored on the Android device, how to use Android file permissions to securely write data to an SD-card and also looks at how to write securely to a SQLite database.

Duration: 00:23:20  File Size: 79 MB

Lesson 3

Lesson 3: Weak Server Side Controls, Downloadable Version

This lesson deals with storing and securing data stored on backend web servers or in the cloud. You learn what the implications are of using remote servers for storing application data as well as how to secure the data.

Duration: 00:17:59  File Size: 34 MB

Lesson 4

Lesson 4: Insufficient Transport Layer Protection, Downloadable Version

This lesson builds on what we learned in Lesson 3. You learn how to perform a man-in-the-middle attack to see how insecure data is transmitted and how SSL can secure the traffic.

Duration: 00:16:36  File Size: 66 MB

Lesson 5

Lesson 5: Client Side Injection, Downloadable Version

Many Android apps are not 100% native and contain one or more HTML pages as webviews.  Learn how to secure these hybrid apps by understanding how cross-site scripting and SQL injection are used to attack your web server.

Duration: 00:14:18  File Size: 52 MB

Lesson 6

Lesson 6: Poor Authorization, Downloadable Version

This lesson explains what the options are for logging in to an Android app, how they can be compromised and best practices for user authorization.

Duration: 00:12:22  File Size: 40 MB

Lesson 7

Lesson 7: Improper Session Handling, Downloadable Version

Building on Lesson 6, this lesson explains why mobile sessions are different from web sessions. Learn how to implement mobile sessions securely as well as use OAuth to log in to social media websites.

Duration: 00:09:23  File Size: 31 MB

Lesson 8

Lesson 8: Security Decisions via Untrusted Inputs, Downloadable Version

Learn how the Android framework manages communication between Android apps and how that can be exploited.  Understand the principle of minimum Android manifest permissions and what permissions should be avoided.

Duration: 00:13:21  File Size: 48 MB

Lesson 9

Lesson 9: Side Channel Data Leakage, Downloadable Version

Android apps, probably more than apps on other mobile platforms, have a tendency to leak information in log files. In the past, third-party libraries from advertising companies have also collected more customer information than they needed. In this lesson, learn how to remove all logging from your production app and how to use proxy servers and decompilers to know exactly what your third-party apps are collecting.

Duration: 00:13:54  File Size: 59 MB

Lesson 10

Lesson 10: Broken Cryptography, Downloadable Version

Learn what types of synchronous and asynchronous encryption can be used in Android apps, why it’s not a good idea to store the keys in the code or on the device, how to store the key using the NDK as well as encryption best practices using asynchronous techniques.

Duration: 00:15:44  File Size: 51 MB

Lesson 11

Lesson 11: Sensitive Information Disclosure, Downloadable Version

While Lesson 2 looked at the runtime information that may or may not be exposed, Lesson 11 looks at how developers are exposing information hard coded in the compiled application such as encryption keys and how this potentially exposes more customer information.

Duration: 00:22:47  File Size: 84 MB

Lesson 12

Lesson 12: Conclusion, Downloadable Version

In the final lesson we review the OWASP top 10 and use a tool from OWASP called GoatDroid that will help you get a better understanding of how to write more secure Android code.

Duration: 00:16:11  File Size: 44 MB

Description

  • Copyright 2014
  • Edition: 1st
  • Downloadable Video
  • ISBN-10: 0-13-382904-9
  • ISBN-13: 978-0-13-382904-4

3+ Hours of Video Instruction

Android applications make use of advanced hardware and software, as well as local and server data, exposed through the platform to bring innovation and value to consumers. To protect that value, the platform must offer an application environment that ensures the security of users, data, applications, the device, and the network. Securing an open platform requires a robust security architecture and rigorous security programs, as well as developers who are aware of the security issues that may come up.

Android Security Essentials LiveLessons alerts developers to the security issues that can arise when using the Android platform and guides them through solutions. Godfrey Nolan covers best practices for Android security by examining common security scenarios. Each lesson begins by presenting the concept behind the security problem at hand, with snippets of code introduced as the problem is explored. This is then followed by an examination of code or a demonstration of tools showing you how to implement the concepts presented.

Godfrey Nolan is founder and president of RIIS, a mobile development firm in the Detroit metro area. Godfrey has spoken at AnDevCon, JavaOne, ASP-Connections, VSLive, CodeMash, Code PaLOUsa, 1DevDay, and many local Java and .NET user groups on a wide range of topics, including continuous integration, executable requirements and mobile security.

Skill Level

  • All levels

What You Will Learn

  • How to write secure Android apps using the OWASP top 10 as a guideline
  • How to audit your own Android app

Who Should Take This Course

  • Android developers
  • Security professionals
  • Android project managers
  • CIOs

Course Requirements

  • Basic understanding of the functionality of Android phones; some Java experience would be helpful but is not essential.

The LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT Certification, Programming, Web Development, Mobile Development, Home & Office Technologies, Business & Management, and more. View all LiveLessons on InformIT at http://www.informit.com/imprint/series_detail.aspx?ser=2185116

Downloads

The source code repository for this LiveLesson can be found at https://github.com/godfreynolan/LiveLessons.
