DR GARY WILLS: This is the end of the course on secure coding on Android. On this course, we have given you some material on how to make your code secure, a tool within which you can test your code to ensure that there are no known vulnerabilities, and a set of resources. However, this is not the end of the journey. What we’ve done on this course is given you the fundamentals, but there’s much more to learn, and we hope through the resources we have given you, you’ll be able to explore more on how to make secure code.
We've only just begun
In this short video, Dr Gary Wills reminds us that we have covered a lot in the last four weeks, but this is only the beginning. Becoming a cyber security expert can be a long hard slog, but it also can be a lot of fun!
What other techniques can be applied to make software more secure?
For example, one of the topics we didn’t cover this week is two-factor authentication. Many online services are adopting two-factor authentication to improve security.
Other topics include:
Dynamic analysis: this contrasts with static analysis in that it analyses the running code.
Formal methods: a more advanced approach often used in safety-critical systems where correctness is absolutely vital.
This is far from a complete list, but just gives you a taster of some of the other techniques that can be applied to make your software more secure.
Online resources from Hewlett Packard Enterprise
A catalogue of software security vulnerabilities broken down by type and programming language with cross-references to relevant application security standards can be found in the Fortify Taxonomy: Software Security Errors.
Application Security and DevOps: a research study on how organizations have incorporated application security controls into a DevOps environment.
If you are working on an application development project, why not try the HPE Fortify on Demand service? It is completely free to try for two express scans: load your code and you will get a full report detailing the code vulnerabilities as well as steps to address them.
Keep up to date with the latest application security threats and controls on the Fortify Application Security blog.
If you are interested in further reading, and more about the nature of cyber crime, check out the HPE Security Research paper on the current threat landscape.
Jeff Six, Application Security for the Android Platform. This book is from 2011 and so does not cover the latest releases of Android, but it does cover the basics well.
And finally, a real example of Android malware
This report by CrowdStrike illustrates how cyber war need not be that far from real war.
A very scary thought indeed!
© University of Southampton 2017