26 Jun, 2017

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino

Since nVisium first launched its On-Demand Training Platform to educate software developers on secure coding in 2016, we have received some incredible and valuable feedback from our users. We’ve taken a great deal of that feedback and have incorporated it directly into the product to improve it. Software developers love learning with nVisium because they are immersed in an environment that is relevant to them, which is writing code, rather than watching boring computer-based training (CBT) videos. Our initial courses focused on web applications and frameworks including Spring, ASP.NET, and Django. The number one question over the past year has been “When will you release secure mobile development courses that we can use to educate our developers?”. The answer to that, my friends, is now.

Secure Coding for Mobile Developers

Today we are announcing availability of iOS and Android courses within nVisium’s On-Demand Training Platform. We support the latest operating system and framework versions. The iOS course is built for iOS 10 and the Android course covers Android Nougat. If you are familiar with our education model, then you know that our courses require you to get your hands dirty and fix code rather than watch videos all day long. Students progress through the course by fixing application vulnerabilities and flaws. As they modify the code, they receive feedback through normal testing mechanisms and interactive grading. Once one problem is fixed and validated, they move onto the next challenge. On top of this interactive developer education feature, each course provides a full content library consisting of high-quality, short and consumable videos and a repository of secure and insecure code examples with detailed explanations.

Our mobile courses cover securing mobile applications across the entire attack surface. Developers will learn how to protect data on the mobile device, secure communications, and how to properly authenticate and authorize user actions. The beauty of modern mobile platforms is that they provide a considerable amount of security controls and features to leverage. Our goal is to teach developers how to think about security architecture from day one, while also taking advantage of security quick wins that are easy to implement and have a positive impact. The only way for developers to pass either mobile course is by successfully securing code. As a development or security manager, this is a powerful assurance that your team did more than just click through a bunch of videos and answer multiple-choice questions.

iOS and Android Training In Action

So how does it work? First, your developers will be invited through an email to the courses you wish them to complete.

Invitation

If they have never used the nVisium On-Demand platform, they will be asked to create an account after following the Get Started link. Otherwise, they will be taken directly to the course to begin the learning process.

iOS Secure Coding Course Overview

At this point, the Course Setup tab will take them through the download of relevant code for the course they are taking, including accessing the code repository and setting up their IDE for use. Each module includes a short video tutorial and written content that covers the same topic. For instance, the following module walks through identifying sensitive data hard-coded in mobile application source.

Course Module

Once a student has identified and remediated all instances of the vulnerability in the provided source, they run tests locally to validate the fixes. As each module is completed by successfully building secure code, the associated tests will pass. Upon completion of all modules, students submit the code back to the source code repository using a unique identifier and branch.

Submitting Your Code

nVisium validates that the vulnerabilities have been remediated and provides a final grade.

Receiving Your Score

We are excited for developers to explore these new courses and to begin their journey into secure mobile development. As software developers, we have a greater duty than ever before to ensure that our products are resistant to attack and that user privacy and safety are a top priority.

We invite you to come learn with nVisium and take our platform for a test drive. We offer single-user licensing as well as Enterprise licensing and Single-Sign On support.

Learn more about the new courses through the upcoming webinar nVisium On-Demand Training Expansion: Gamified iOS & Android Secure Development Courses hosted by nVisium’s CSO Seth Law and CTO Ken Johnson on June 28 at 2pm EDT.