From smartphones to tablets to watches, users are relying more and more on the convenience of mobile technology. Organizations must meet this growing trend with greater security measures to support critical business functions and protect sensitive data on enterprise devices. Mobile architectures, applications, networks and services must all be developed and managed in compliance with the oversight of a strong IT workforce.
This course provides an in-depth technical overview of the security features and limitations of modern mobile operating systems, including the top risks and vulnerabilities every IT professional needs to know.
You will learn
Mobile application security measures
Native, API-based, Web-based and HTML5 system architectures are covered in Android, Surface, Apple and Samsung devices. The latest threats to mobile application security, including data leakage, identifier leakage, third-party tags and libraries, and location privacy, are also reviewed. Ecosystem-level application store defenses are detailed using Bouncer (Android automated vetting) and iOS (Apple manual and automated vetting) to demonstrate permission models and defense against circumvention.
Models to develop and secure Android applications
WebView, common cryptographic mistakes and marketplace issues reveal how malicious intent can cause security breaches in Android applications. Practices to defend against threats through app code signing, runtime processing, permissions and other features like Bytecode are discussed.
Security detection and measures in iOS
The iOS security architecture comprises specific features for ensuring trust: secure boot chain, secure enclave, app data protection and data classes. These security measures are covered with attention to privacy mechanisms for services through iMessage and iCloud, and to network oversight through Bluetooth and AirDrop.
Trends in mobile device management (MDM)
Device requirements for MDM are reviewed in detail: configuration and hardening, encryption, backup and recovery, remote wipe, patch management, enterprise VPN and proxy. Additionally, measures to monitor, enforce and report on enterprise device activity are covered using case studies from MobileIron, AirWatch and Enterproid.
Dan Boneh, Professor of Computer Science and of Electrical Engineering, Stanford University
Neil Daswani, Chief Information Security Officer, LifeLock
John Mitchell, Professor of Computer Science and, by courtesy, of Electrical Engineering and of Education, Stanford University