关闭

android安全开发者必看文章

2640人阅读 评论(0) 收藏 举报
分类:

无意中看到一篇CompTIA Mobile App Security+ Certification Exam

This exam will certify that the successful candidate has the knowledge and skills required
to securely create a native Android mobile application, while also ensuring secure
network communications and backend Web services.

以后支付行业的安全工程师也得测评,认证通过方可上岗。要不然就不出这么多问题了。

这篇文章只是提供一个框架,还需要细化到具体。依托这个框架,可以定义Android安全开发指引,以便指导安全工程师开发程序。

要求工程师具备:

The successful candidate should have the knowledge and skills to:
 Describe fundamental principles of application security
 Describe the security model of Android devices
 Describe common threats to mobile application security
 Develop moderately complex applications using the Android SDK
 Describe Web services security model and vulnerabilities
 Properly implement SSL/TLS for Web communications
 Utilize the security features of the Android operating system and APIs
 Properly implement secure coding techniques
 Avoid insecure retention of data in memory
 Describe common implementations of cryptography such as PKI
 Leverage encryption for storage and/or communications
 Understand access control and file permissions
 Harden an application against attack to levels appropriate for the risk model of theapplication

 

这个认证里面列出了知识点,

 

 

 

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:167076次
    • 积分:2303
    • 等级:
    • 排名:第16850名
    • 原创:47篇
    • 转载:17篇
    • 译文:17篇
    • 评论:35条
    最新评论