Mobile Developer
Details 44 Courses, 21 Hours, 25 CPE Credits
Core
Designed to provide an understanding of security principles, best practices for developing secure mobile applications, and essential access control on mobile devices. The Learning Path also focuses on fundamentals of application security, application security risk management, and common vulnerabilities in mobile applications.
Courses Include
- AWA 101 Fundamentals of Application
Security - AWA 102 Secure Software Concepts
- COD 110 Fundamentals of Secure Mobile Development
- COD 261 Threats to Scripts
- DES 260 Fundamentals of IoT Architecture and Design
- ENG 112 Essential Access Control for Mobile Devices
- ENG 205 Fundamentals of Threat Modeling
Advanced
Covers key fundamentals of mobile application threats and mitigations, mobile data cryptography, and creating secure code for mobile applications. This path also covers Mobile OWASP Top 10, to educate learners about the consequences of the most common and most important application security weaknesses to enable the learner to develop secure code and mitigate security vulnerabilities.
Courses Include
- COD 229 Insecure IoT Mobile Interface
- COD 230 Insecure IoT Firmware
- COD 234-237 Mobile OWASP Top 10 Series (4)
- COD 316 Creating Secure iOS Code in Objective C
- COD 317 Creating Secure iOS Code in Swift
- COD 318 Creating Secure Android Code in Java
- DES 202-205 Fundamentals of Cryptography Series (4)
- TST 252 Testing for OS Command Injection
- TST 253 Testing for Classic Buffer Overflow
- TST 255 Testing for Missing Authorization
- TST 257 Testing for Use of Hard-Coded Credentials
- TST 258 Testing for Missing Encryption of Sensitive Data
- TST 259 Testing for Unrestricted Upload of File with Dangerous Type
- TST 260 Testing for Reliance on Untrusted Inputs in a Security Decision
- TST 261 Testing for Execution with Unnecessary Privileges
- TST 264 Testing for Download of Code without Integrity Check
- TST 266 Testing for Inclusion of Functionality from Untrusted Control Sphere
- TST 267 Testing for Incorrect Permission Assignment for Critical Resource
- TST 268 Testing for Use of a Potentially Dangerous Function
- TST 269 Testing for Use of Broken or Risky Cryptographic Algorithm
- TST 270 Testing for Incorrect Calculation of Buffer Size
- TST 271 Testing for Improper Restriction of Excessive Authentication Attempts
- TST 272 Testing for Open Redirect
- TST 273 Testing for Uncontrolled Format String
- TST 275 Testing for Use of a One-Way Hash without a Salt
Elite
Provides learners with an understanding of secure architecture and design principles while articulating security requirements to be considered during the requirements phase. This path also introduces the learner to threat modeling using the Microsoft Security Development Lifecycle (SDL) process. Developers will learn to define the attack surface of an application and how to reduce the risk to an application by minimizing the application’s attack surface, and guidelines for source code review.
Courses Include
- DES 101 Fundamentals of Secure Architecture
- DES 212 Architecture Risk Analysis and Remediation
- DES 311 Creating Secure Application Architecture
- ENG 191-195 Integrating the MS SDL into your SDLC Series (5)
- ENG 211 How to Create Application Security Design Requirements
- ENG 311 Attack Surface Analysis & Reduction
- ENG 312 How to Perform a Security Code Review
Details 44 Courses, 21 Hours, 25 CPE Credits
Core
Designed to provide an understanding of security principles, best practices for developing secure mobile applications, and essential access control on mobile devices. The Learning Path also focuses on fundamentals of application security, application security risk management, and common vulnerabilities in mobile applications.
Courses Include
- AWA 101 Fundamentals of Application Security
- AWA 102 Secure Software Concepts
- COD 110 Fundamentals of Secure Mobile Development
- COD 261 Threats to Scripts
- DES 260 Fundamentals of IoT Architecture and Design
- ENG 112 Essential Access Control for Mobile Devices
- ENG 205 Fundamentals of Threat Modeling
Advanced
Covers key fundamentals of mobile application threats and mitigations, mobile data cryptography, and creating secure code for mobile applications. This path also covers Mobile OWASP Top 10, to educate learners about the consequences of the most common and most important application security weaknesses to enable the learner to develop secure code and mitigate security vulnerabilities.
Courses Include
- COD 229 Insecure IoT Mobile Interface
- COD 230 Insecure IoT Firmware
- COD 234-237 Mobile OWASP Top 10 Series (4)
- COD 316 Creating Secure iOS Code in Objective C
- COD 317 Creating Secure iOS Code in Swift
- COD 318 Creating Secure Android Code in Java
- DES 202-205 Fundamentals of Cryptography Series (4)
- TST 252 Testing for OS Command Injection
- TST 253 Testing for Classic Buffer Overflow
- TST 255 Testing for Missing Authorization
- TST 257 Testing for Use of Hard-Coded Credentials
- TST 258 Testing for Missing Encryption of Sensitive Data
- TST 259 Testing for Unrestricted Upload of File with Dangerous Type
- TST 260 Testing for Reliance on Untrusted Inputs in a Security Decision
- TST 261 Testing for Execution with Unnecessary Privileges
- TST 264 Testing for Download of Code without Integrity Check
- TST 266 Testing for Inclusion of Functionality from Untrusted Control Sphere
- TST 267 Testing for Incorrect Permission Assignment for Critical Resource
- TST 268 Testing for Use of a Potentially Dangerous Function
- TST 269 Testing for Use of Broken or Risky Cryptographic Algorithm
- TST 270 Testing for Incorrect Calculation of Buffer Size
- TST 271 Testing for Improper Restriction of Excessive Authentication Attempts
- TST 272 Testing for Open Redirect
- TST 273 Testing for Uncontrolled Format String
- TST 275 Testing for Use of a One-Way Hash without a Salt
Elite
Provides learners with an understanding of secure architecture and design principles while articulating security requirements to be considered during the requirements phase. This path also introduces the learner to threat modeling using the Microsoft Security Development Lifecycle (SDL) process. Developers will learn to define the attack surface of an application and how to reduce the risk to an application by minimizing the application’s attack surface, and guidelines for source code review.
Courses Include
- DES 101 Fundamentals of Secure Architecture
- DES 212 Architecture Risk Analysis and Remediation
- DES 311 Creating Secure Application Architecture
- ENG 191-195 Integrating the MS SDL into your SDLC Series (5)
- ENG 211 How to Create Application Security Design Requirements
- ENG 311 Attack Surface Analysis & Reduction
- ENG 312 How to Perform a Security Code Review
