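Lao Wang's Smart Terminal Security Column

Lao Wang's Weibo: http://weibo.com/secwang

A must-read for Android security developers

I happened to come across a document on the CompTIA Mobile App Security+ Certification Exam: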

This exam will certify that the successful candidate has the knowledge and skills required
to securely create a native Android mobile application, while also ensuring secure
network communications and backend Web services.

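In the future, security engineers in the payment industry should also have to be assessed, and only be allowed to take up their posts after passing certification. If that were the case, there would not be so many problems.

This document only provides a framework, which still needs to be refined into specifics. Building on this framework, one can define Android secure development guidelines to guide security engineers in developing programs.

Engineers are required to have the following: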

The successful candidate should have the knowledge and skills to:
Describe fundamental principles of application security
Describe the security model of Android devices
Describe common threats to mobile application security
Develop moderately complex applications using the Android SDK
Describe Web services security model and vulnerabilities
Properly implement SSL/TLS for Web communications
Utilize the security features of the Android operating system and APIs
Properly implement secure coding techniques
Avoid insecure retention of data in memory
Describe common implementations of cryptography such as PKI
Leverage encryption for storage and/or communications
Understand access control and file permissions
Harden an application against attack to levels appropriate for the risk model of the application

 

This certification lists the knowledge points,

 

 

 
