无意中看到一篇CompTIA Mobile App Security+ Certification Exam
This exam will certify that the successful candidate has the knowledge and skills required
to securely create a native Android mobile application, while also ensuring secure
network communications and backend Web services.
以后支付行业的安全工程师也得测评,认证通过方可上岗。要不然就不出这么多问题了。
这篇文章只是提供一个框架,还需要细化到具体。依托这个框架,可以定义Android安全开发指引,以便指导安全工程师开发程序。
要求工程师具备:
The successful candidate should have the knowledge and skills to:
Describe fundamental principles of application security
Describe the security model of Android devices
Describe common threats to mobile application security
Develop moderately complex applications using the Android SDK
Describe Web services security model and vulnerabilities
Properly implement SSL/TLS for Web communications
Utilize the security features of the Android operating system and APIs
Properly implement secure coding techniques
Avoid insecure retention of data in memory
Describe common implementations of cryptography such as PKI
Leverage encryption for storage and/or communications
Understand access control and file permissions
Harden an application against attack to levels appropriate for the risk model of theapplication
这个认证里面列出了知识点,
1463
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
