Privilege Escalation II - Security & Sustainability II | Coursera

Para EmpresasPara los estudiantes

Explorar
Principales cursos
Inicia Sesión
Únete de forma gratuita

Privilege Escalation II

Loading...

Engineering Maintainable Android Apps

Universidad Vanderbilt

4.5 (257 calificaciones) | 25 mil estudiantes inscritos

Curso 4 de 5 en Android App Development Programa Especializado

Inscríbete gratis

Engineering Maintainable Android Apps, which is a 4 week MOOC that shows by example various methods for engineering maintainable Android apps, including test-driven development methods and how to develop/run unit tests using JUnit and Robotium (or equivalent automated testing frameworks for Android), as well as how to successfully apply common Java/Android software patterns to improve the extensibility and clarity of Android apps. Students will work on the appropriate automated unit quizzes, based on the material covered in the lecture videos. These lessons will demonstrate the benefits of good software engineering practices that are targeted at creating maintainable code for mobile apps. There will be roughly 3-4 hours of student engagement time per week, including video lectures, and quizzes. The ordering of the modules within the course is designed to be flexible. In particular, students can watch the videos in whatever order suits their experience and needs, e.g., they may want to watch the unit testing videos prior to the software pattern videos if they prefer to learn about unit testing first.

Destrezas que aprenderás

Software Testing, Unit Testing, Android Software Development, Junit

Reseñas

4.5 (257 calificaciones)

5 stars
68.48%
4 stars
22.17%
3 stars
5.83%
2 stars
1.94%
1 star
1.55%

GN

2 de ago. de 2017

An Excellent course. I will say it is an online course that made me study as if I were in a classroom

ME

19 de sep. de 2017

gave me a very good overview on security as a whole and on security specifically for android.

De la lección

Security & Sustainability II

This module provides an introduction to Unit Testing using the Junit 4.0 Framework in Android, as well as an introduction to Testing Frameworks using the Robotium open-source test framework for writing graybox testing cases to automate the testing of multi-Activity Android apps.

Traditional App Accounts3:15

Traditional vs. Mobile App Accounts5:28

App Account Mapping to Linux Users4:45

Apps Lie & Steal4:23

How Android Protects Apps13:52

What Android Does Not Protect14:20

The Challenges of Secure Coding2:48

Security Vulnerability Walkthrough7:30

The iRemember App Example3:38

Privilege Escalation I5:40

Privilege Escalation II4:07

Privilege Escalation III6:22

Course Wrap-up13:59

Impartido por:

Dr. Douglas C. Schmidt
Professor of Computer Science and Associate Chair of the Computer Science and Engineering Program
Michael Walker
Instructor - Graduate Student pursuing PhD in Computer Science
Dr. Jules White
Associate Professor of Computer Science

Prueba el curso Gratis

Transcripción

[MUSIC] Let's look at another way that an open service, that can be invoked by an intent might accidentally leak a capability that another app does not currently have permission to access through that intent-based service. So let's assume that we have a service that allows an app to download an arbitrary file by simply sending our app an intent and you tell our app, what is the URL of the file that you want to download? Our app will automatically go and download that file, store it to disk and then return via intent to whatever app called us the location of the file that we downloaded. So, we're creating a generic download service that we want to expose to other apps on the device via an intent. Well, let's say that your malware and you want to download a malicious payload to the device. So for example, you want to download some extra code that's going to be used to attack the device. Well, if you're malware and you have no permissions, you look a lot less suspicious to the user. So, you can have no permissions. And essentially, the user is going to think, well, it's unlikely this app is going to do anything very malicious, because it has no permissions. But in reality, because you've created this app that allows another app to send an intent to download something. So we're going to send an intent and we're going to say, download attack payload. So we'll go and tell it this malicious payload that we want to get downloaded, it'll go off to the internet and get that payload for us and return the attack payload. And then it will return to this piece of malware in its on result. The file where the attack payload is stored. So in this case, what we've got is we've got an app that's creating a service, that's intended to be helpful to other apps in the device. But because it allows any app to send in an intent saying, go and download something for me and then it blindly goes and accesses the internet which is a capability that it has. Downloads the payload for it and then returns the payload to whoever sent it that intent. Again, we're bypassing Android's built-in permissions mechanism by having a piece of malware that's essentially manipulating another app into getting access to a capability in the device. In this case, access to the internet that it doesn't currently have. So one of the things you have to be cognizant of is that although you can create apps that can talk to other apps, that when you talk to those other apps that you talk to them in a way and take commands or other things from them in a way that doesn't break the permission model on the Android. That if you're going to use something like internet or the camera that you make sure that the way that you're using and accessing that thing and the data you're returning to the application that's asking for access to it isn't done in such a way that you're breaking the permissions or circumventing what the user intended that app to have access to. If the user didn't give a piece of malware or any informations, your app shouldn't be exposing additional capabilities or permissions to that malware by not checking the capabilities that it has when it begins interacting with it.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Coursera Footer

Principales cursos en línea

Buscar el objetivo y el significado de la vida
Comprender las investigaciones médicas
Japonés para principiantes
Introducción a la Informática en la nube
Bases para la concientización
Aspectos básicos de las finanzas
Aprendizaje Automático
Aprendizaje automático con Sas Viya
La ciencia del bienestar
Rastreo de contactos de COVID-19
IA para todos
Mercados financieros
Introducción a la Psicología
Primeros pasos con AWS
Marketing internacional
C++
Análisis predictivo y minería de datos
Aprender a aprender en UCSD
Programación para todos de Michigan
Programación JHU R
Capacitación en CPI de Google CBRS

Principales especializaciones en línea

Procesamiento natural del lenguaje (NLP)
IA para medicina
Experto en palabras: escritura y edición
Modelización de enfermedades infecciosas
Pronunciación del inglés americano
Automatización de las pruebas de software
Aprendizaje profundo
Python para todos
Ciencia de Datos
Aspectos básicos de los negocios
Habilidades de Excel aplicadas para los negocios
Ciencia de los datos con Python
Finanzas para todos
Habilidades de comunicación para ingenieros
Capacitación en ventas
Carrera en gestión de marcas
Análisis de negocios en Wharton
Psicología positiva en Penn
Aprendizaje automático en Washington
Diseño gráfico de CalArts

Certificados en linea

Certificados profesionales
Certificados MasterTrack
Soporte de TI de Google
Ciencia de datos de IBM
Ingeniería de datos de Google Cloud
IA aplicada por IBM
Arquitectura de Google Cloud
Analista de ciberseguridad de IBM
Automatización de TI de Google con Python
Profesional de mainframe de z/OS de IBM
Gestión aplicada de proyectos en UCI
Certificado en diseño instruccional
Certificado en ingeniería y gestión de la construcción
Certificado en grandes datos
Certificado en Aprendizaje automático para el análisis
Certificado en emprendimientos y gestión de la innovación
Certificado en Sostenibilidad y Desarrollo
Certificado en trabajo social
Certificado en IA y aprendizaje automático
Certificado en Análisis y visualización de datos espaciales

Programas de titulación en línea

Títulos en ciencias informáticas
Títulos en negocios
Títulos en salud pública
Títulos en ciencias de los datos
Licenciaturas
Licenciatura en Ciencias de la Computación
Maestría en Ingeniería eléctrica
Título de finalización de licenciatura
Maestría en Gestión
Maestría en Ciencias informáticas
MPH
Maestría en contabilidad
MCIT
MBA en línea
Maestría en ciencias de los datos aplicada
MBA global
Maestría en Innovación y emprendimiento
Maestría en Ciencia de los datos
Maestría en Ciencias informáticas
Maestría en Salud Pública

Coursera

Acerca de
Qué ofrecemos
Liderazgo
Empleo
Catálogo
Certificados
Certificados MasterTrack™
Grados
Para Empresas
Para gobiernos
Para el campus

Comunidad

Estudiantes
Socios
Desarrolladores
Probador beta
Traductores
Blog
Blog de Tecnología
Centro de enseñanza

Más

Términos
Privacidad
Ayuda
Accesibilidad
Prensa
Contacto
Directorio
Afiliados

Aprende en cualquier lado

Consíguelo en Google Play

© 2021 Coursera Inc. Todos los derechos reservados.