Programming Cloud Services for Android Handheld Systems: Security

开始时间: 04/22/2022 持续时间: Unknown

所在平台: CourseraArchive

课程类别: 计算机科学

大学或机构: Vanderbilt University(范德堡大学)

授课老师: Douglas C. Schmidt

课程主页: https://www.coursera.org/course/mobilecloudsecurity

课程评论:没有评论

第一个写评论        关注课程

课程详情

A key challenge of mobile platforms is that the apps installed on a device increase the number of potential security vulnerabilities. Mistakes in app development or cloud services can lead to vulnerabilities that cause users data to be stolen, charges to user accounts, and spread of malware to a user’s friends. Ensuring that mobile cloud application developers are aware of potential vulnerabilities and avoid introducing them into their code is an essential part of building a more secure app ecosystem.

The course is designed to help students understand how to write more secure mobile cloud applications for Android. Students will be introduced to specific vulnerabilities that have affected well-known apps and be given a wide view of app threats on Android. Developers will also be introduced to the secure coding techniques that can be used to help prevent the introduction of app and cloud service vulnerabilities.

The Mobile Cloud Computing with Android (MoCCA) Specialization

This is the 6th course of the six-course Mobile Cloud Computing with Android (MoCCA) Specialization. It has been designed as part of a Coursera Specialization designed to help learners create complex, cloud-based Android Applications, and includes a final “capstone” project for those who earn Verified Certificates across all six courses.

Note: We are proud to announce that the MoCCA specialization has already reached hundreds of thousands of learners around the globe. In its last iteration, we worked with Google to provide Nexus tablets, feedback from the Google App team, and the potential to be featured in the Google Play store to top course completers.

This time around, we are providing more flexibility for all of you busy learners. We are running the Programming Mobile Applications courses in more digestible one-month-long sections, each with a meaningful mini-project at the end. Additionally, we will be re-offering the courses more frequently. For example, new sessions of my two introductory courses will be launched on a monthly basis, so that you can find a convenient time to join us or pick up where you left off if you didn’t quite finish before.

For previous MoCCA students: If you have already earned a Verified Certificate in the previous version of this course, "Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems” offered in May 2014, you do not need to retake this course to continue towards the Specialization certificate and final project in 2015. Please consult the Specializations Help Center or contact the Coursera support team if you are not sure whether you qualify.

This MOOC and five others, taught by Dr. Adam Porter from the University of Maryland and Dr. Jules White from Vanderbilt University, have been designed to complement each other as part of the first trans-institution sequence of MOOCs taught on the Coursera platform, structured as follows:

  • The first two courses by Dr. Adam Porter, of the University of Maryland, are Programming Mobile Applications for Android Handheld Systems Part 1 and Part 2. They focus on the design and programming of user-facing applications.  

  • The third and fourth courses by Dr. Douglas Schmidt, of Vanderbilt University, are Programming Mobile Services for Android Handheld Systems: Concurrency and Communication. They focus on middleware systems programming topics, such as synchronous and asynchronous concurrency models, background service processing, structured data management, local inter-process communication and networking, and integration with cloud-based services.  

  • The fifth and sixth courses by Dr. Jules White, of Vanderbilt University, are Programming Cloud Services for Android Handheld Systems: Spring and Security.  They focus on how to connect Android mobile devices to cloud computing and data storage resources, essentially turning a device into an extension of powerful cloud-based services on popular cloud computing platforms, such as Google App Engine and Amazon EC2.

  • The final “capstone” project will require students to develop a complex mobile cloud computing application from the ground up.

Some of the programming assignments and the iRemember integrative project for these MOOCs will be coordinated.  

If you just want to take some of the MOOCs in this sequence or take them all in different order you’re certainly welcome to do so, and you’ll still learn a lot. However, if you take all the MOOCs in this sequence in the order presented you’ll gain a deeper, end-to-end understanding of handheld systems, their applications and services, as well as their integration into the cloud.

课程大纲

The course is organized into the sections outlined below.

  • Module 1: Android App Security and Risks

    • Part 1: Traditional App Accounts

    • Part 2: Mobile vs. Traditional App Accounts

    • Part 3: App Account Mapping to Linux Users

    • Part 4: Apps Lie & Steal

    • Part 5: How Android Protects Apps

    • Part 6: What Android Doesn't Protect

    • Part 7: Avoid Storing Sensitive Data in Public Locations

    • Part 8: Risks of Insecure File Permissions

  • Module 2: Building More Secure Android Apps

    • Part 0: The Challenge of Secure Coding

    • Part 1: Security Vulnerability Walkthrough

    • Part 2: Principles of Secure Abstractions

    • Part 3: Avoid Coupling Data & Security State

    • Part 4: Build Abstractions that are Hard to Use Insecurely

    • Part 5: Bound & Strongly Type Security State

    • Part 6: Avoid Conditional Logic in Secure Pathways

    • Part 7: Prevent Secure Pathways from Being Broken at Runtime

    • Part 8: Privilege Escalation Concepts

    • Part 9: Privilege Escalation Scenario

    • Part 10: Privilege Escalation Code Walkthrough

    • Part 11: Privilege Escalation Fixes

    • Part 12: User Interface Attacks

    • Part 13: Cross-platform User Interface Attacks

  • Module 3: Secure HTTP Communication

    • Part 1: Man in the Middle Attacks Public Key Infrastructure

    • Part 2: HTTPS

    • Part 3: Challenges of Storing Secrets on Mobile

    • Part 4: WebView Security Issues & Best Practices

  • Module 4: What was I Saying: Keeping Track of Sessions

    • Part 1: Sessions

    • Part 2: Spring Security Overview

    • Part 3: Spring Security Configuration in Java

    • Part 4: Building a Custom UserDetailsService

    • Part 5: Setting up a custom UserDetailsService

    • Part 6: The Principal

    • Part 7: Spring Security Role Annotations

    • Part 8: More Complex Expression-based Pre Post Authorize Annotations

    • Part 9: Spring Security Controller Code Walkthrough

    • Part 10: Spring Security Controller Test Code Walkthrough

  • Module 5: Authenticating Mobile Clients with OAuth

    • Part 1: Stateful Sessions with Cookies Why They Aren't Ideal for Mobile

    • Part 2: Stateless Sessions with Tokens

    • Part 3: OAuth 2.0

    • Part 4: Spring Security OAuth 2.0

    • Part 5: A Spring OAuth 2.0 Secured Service

    • Part 6: A Retrofit Oauth 2.0 Client for Password Grants

课程评论(0条)

课程简介

This course introduces students to basic issues in mobile cloud security, malware, and secure client/server communication. Students will learn about security risks in Android and cloud services, threat mitigation strategies, secure coding practices, and tools for managing security of devices.

课程标签

android android开发 云计算 云服务

2人关注该课程

主题相关的课程