Enroll today to experience new and improved course content.
From smartphones to tablets to watches, users are relying more and more on the convenience of mobile technology. Organizations must meet this growing trend with greater security measures to support critical business functions and protect sensitive data on enterprise devices. Mobile architectures, applications, networks and services must all be developed and managed in compliance with the oversight of a strong IT workforce.
This course provides an in-depth technical overview of the security features and limitations of modern mobile operating systems, including the top risks and vulnerabilities, every IT professional needs to know.
You Will Learn
- Mobile application security measures
- Native, API-based, Web-based and HTML5 system architectures are covered in Android, Surface, Apple and Samsung devices. The latest threats to mobile application security including data leakage, identifier leakage, third-party tags and libraries, and location privacy are also reviewed. An ecosystem-level of available application store defenses are detailed using Bouncer (Android automated vetting) and iOS (Apple manual and automated vetting) to demonstrate permission models and defense against circumvention.
- Models to develop and secure Android applications
- WebView, common cryptographic mistakes and marketplace issues reveal how malicious intent can cause security breaches in Android applications. Establishing practices to defend against threats through app code signing, runtime processing, permissions and other features like Bytecode are discussed.
- Security detection and measures in iOS
- The iOS security architecture is comprised of specific features for ensuring trust—secure boot chain, secure enclave, app data protection and data classes. These security measures are covered with attention to privacy mechanisms for service through iMessage and iCloud; network oversight through Bluetooth and AirDrop are also covered.
- Trends in mobile device management (MDM)
- Device requirements for MDM are reviewed in detail: configuration and hardening, encryption, backup and recovery, remote wipe, patch management, enterprise VPN and proxy. Additionally, measures to monitor, enforce and report on enterprise device activity are covered using case studies from MobileIron, AirWatch and Enterproid.
We recommend you have the equivalent of a BS in Computer Science and a background in security.
We highly recommend that you take this course, Software Security Foundations (XACS101) as the 1st course within the Stanford ACS certificate program. It provides the fundamentals necessary for the subsequent courses in the program.