Input validation

Now that you understand the need for mobile app security, you should learn how to implement the most fundamental security mechanism of all: input validation.

    Syllabus

  • Activity: Using special characters Video — 00:11:25
    • In this activity, we practice using special characters.

  • SQL injection Video — 00:14:24
    • In this lesson, we learn about SQL injection and how to protect our app from it.

  • Activity: Working with regular expressions Video — 00:14:01
    • In this activity, we practice using regular expressions.

  • Special characters Video — 00:11:04
    • In this lesson, we discuss special characters, escaped characters, string literals and raw strings in Kotlin.

  • Activity: Filtering a malicious QR code Video — 00:08:57
    • In this activity, we protect a QR code reader from malicious input.

  • Regular expressions Video — 00:14:04
    • In this lesson, we explore regular expressions.

  • Autocompletion, Part 2 Video — 00:09:13
    • In this lesson, we discuss autofill hints and SMS one-time-code autofill.

  • Code tampering and injection, Part 2 Video — 00:10:35
  • Activity: Understanding string interpolation Video — 00:15:08
    • In this activity, we implement string interpolation.

  • Activity: Securing Android WebView Video — 00:11:53
    • In this activity, we practice protecting our WebView app.

  • Understanding Input Risks Video — 00:14:59
    • In this lesson, we discuss trusted and untrusted data sources, as well as trust boundaries for an app.

  • Activity: Defending against cross-app scripting Video — 00:09:00
    • In this activity, we protect our app from cross-app scripting.

  • Activity: Implementing null safety, Part 3 Video — 00:15:15
  • WebView vulnerabilities Video — 00:11:34
    • In this lesson, we learn about Android WebView and how to protect our app from SSL errors.

  • Activity: Exploring cross-site scripting Video — 00:10:08
    • In this activity, we examine the impact of a cross-site scripting attack on a website.

  • Activity: Implementing null safety Video — 00:11:35
  • Form validation, Part 2 Video — 00:09:37
    • We continue with our form validation discussion, using regex to validate email addresses.

  • Activity: Filtering and trimming input Video — 00:09:49
    • In this activity, we practice using Kotlin filter() and trim().

  • Activity: Validating form input Video — 00:13:29
  • Null safety, Part 5: Safe cast/unsafe cast operators Video — 00:07:57
    • In this lesson, we learn how to use the Kotlin safe cast/unsafe cast operators.

  • Activity: Protecting JSON with an API key, Part 2 Video — 00:04:48
    • We continue with our activity of using an API key to protect JSON.

  • Activity: Clamping input to a range Video — 00:05:16
    • In this activity, we continue practicing input sanitization by clamping input to a range.

  • Null safety, Part 3: Not null operator Video — 00:03:35
  • Object deserialization, Part 2 Video — 00:04:25
    • We continue with our discussion of object deserialization, how to protect against it and how to use Google Gson to parse JSON objects.

  • Input sanitization Video — 00:07:04
    • In this lesson, we discuss input sanitization.

  • Null safety Video — 00:12:17
  • SQL stored procedures Video — 00:04:55
    • In this lesson, we learn about SQL stored procedures and how they can be used to protect against SQL injection.

  • Activity: Working with regular expressions, Part 2 Video — 00:10:03
    • We continue our practice with regular expressions.

  • Special characters, Part 2 Video — 00:06:03
    • In this lesson, we discuss incorporating Unicode characters in our strings.

  • Activity: Filtering a malicious QR code, Part 2 Video — 00:03:59
    • We conclude our activity of protecting our QR code reader app.

  • Regular expressions, Part 2 Video — 00:06:26
    • We continue with our lesson on regular expressions.

  • Activity: Securing autocompletion Video — 00:04:30
    • In this activity, we practice securing autocompletion in our app.

  • Code tampering and injection, Part 3 Video — 00:11:37
    • We conclude our lesson on code injection by learning how to replace unsafe characters, identify scripting in HTML and examine the risks associated with QR codes.

  • Format string attacks Video — 00:07:42
    • In this lesson, we examine format strings and how they can be manipulated in an attack.

  • Autocompletion Video — 00:13:34
    • In this lesson, we discuss how to use autofill and autocorrect in our app.

  • Code tampering and injection Video — 00:07:07
    • In this lesson, we learn what code injection is and how to avoid it.

  • String interpolation Video — 00:11:02
    • In this lesson, we learn what string interpolation is and how to use it in our code.

  • WebView vulnerabilities, Part 2 Video — 00:10:14
    • We continue our exploration of WebView, including protecting against malicious JavaScript. We are also introduced to Google Safe Browsing.

  • Cross-app scripting Video — 00:04:42
    • In this lesson, we learn what cross-app scripting is and how to protect against it.

  • Activity: Implementing null safety, Part 2 Video — 00:13:18
  • Form validation, Part 3 Video — 00:06:29
    • We conclude our form validation lesson, learning how to validate passwords and phone numbers with regex. We also learn how to use Android built-in patterns to validate form input.

  • Cross-site attacks Video — 00:14:13
    • In this lesson, we learn about cross-site scripting and cross-site request forgery attacks.

  • Activity: Validating form input, Part 2 Video — 00:04:36
    • We continue our activity of validating form input.

  • Null safety, Part 6: Smart cast Video — 00:08:55
    • In this lesson, we learn what Kotlin smart cast is and how to use it.

  • Form validation Video — 00:12:12
    • In this lesson, we learn how to use regex to validate form input.

  • Kotlin filter and trim Video — 00:06:35
    • In this lesson, we learn how to use the Kotlin filter() and trim() functions to limit output.

  • Null safety, Part 4: Elvis operator Video — 00:07:00
    • In this lesson, we learn how to use the Kotlin Elvis operator.

  • Activity: Protecting JSON with an API key Video — 00:16:17
    • In this activity, we use an API key to protect JSON input.

  • Activity: Sanitizing input Video — 00:03:51
    • In this activity, we practice sanitizing input.

  • Null safety, Part 2: Safe call operator Video — 00:04:41
    • In this lesson, we learn how to use the Kotlin safe call operator.

  • Object deserialization Video — 00:04:48
    • In this lesson, we learn what object serialization/deserialization is and how it can pose security risks for our app.

  • Activity: Validating input with regular expressions Video — 00:14:56
    • In this activity, we use regular expressions to validate user input in our app.

Course description

Lack of input validation is the single most commonly cited mistake that mobile app developers make. Corrupt or manipulated input lies at the root of most malicious hacking exploits. As a mobile app developer, you need to know how to defend your app and the user’s data from attack. In this course, you will learn which characters can be misinterpreted as commands and how to render those characters harmless. You will practice using input sanitization techniques, including regular expressions. You’ll defend against SQL injection and understand the larger scope of cross-site scripting, cross-site request forgery and cross-app scripting. You will also learn how to defend against unexpected attack vectors such as QR codes and deserialized JSON objects. Finally, you will learn about validating input in forms.

You're in good company

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also recommend it to clients to make their IT support teams better.

Caleb Yankus

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

We use Infosec Skills to provide base-level knowledge for employees. We also use the services to provide in-depth learning for employees as they encounter new technologies. If an employee is assigned to a new project, we can rely on Infosec Skills to provide a rapid, concentrated learning environment. This rapid, concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps
