Android Secure Coding Seminars in India

Hello. This is Masaki from the Vulnerability Analysis Team. JPCERT/CC has been active in doing research, developing coding standards and conducting seminars in secure coding since 2007. In the course of our activities, we've collaborated with CSIRTs in the Asia-Pacific region such as ThaiCERT, PHCERT, ID-SIRTII/CC, Academic-CERT in Indonesia, VNCERT and CERT-In in providing secure coding training to software developers in each region.

Last month, Hiroshi (my teammate and senior vulnerability analyst), Osamu (of Global Coordination Division) and I traveled to India to hold secure coding training for local developers.

The events were joint efforts of CERT-In, the Data Security Council of India (DSCI) and JPCERT/CC. We delivered a 1-day Android Secure Coding Seminar in both Delhi and Bangalore.

This was not my first trip to India. In 2010, my colleague Yozo and I visited for a 2-day C/C++ secure coding training.

The seminar in Delhi opened with a warm welcome speech by DSCI Director Mr. Vinayak Godse and CERT-In Senior Director Dr. A.S. Kamble, both of whom we've known since 2010. After the speech, we jumped into the series of lectures and hands-on exercises: the security landscape of the Android platform, case studies of real-world vulnerable Android applications, a hands-on exercise on vulnerability analysis, security code review and secure coding of Android applications.

Hiroshi at the lecture, Delhi

The backgrounds of the 28 participants in Delhi and 18 in Bangalore were diverse: a security researcher, software developers, senior managers of software development divisions and, of course, Android app developers. They all came from different sectors: a U.S.-based bank, a retail company and Fortune 500 IT giants, global consulting firms, Indian financial IT solution companies and banks, etc.

I have experience in teaching over 4000 developers in Japan and the AP region so far, and to be honest, the attendees we met in Delhi and Bangalore were the most attentive and enthusiastic. They were able to squeeze all the lessons out of the seminar, and even pointed out our incomplete solutions and found another vulnerability we were not aware of. We also learned a lot from the dialogue with such attendees and would like to thank them again here.

Participants analyzing vulnerable Android apps using their own devices

The course material is available on SlideShare, so if you’re interested, please take a look:

Android Secure Coding

Oh, and finally, for our Japanese readers, we recently translated “Secure Coding in C and C++ (2nd Edition)”, written by our friend Robert Seacord and his fellows at CMU/SEI. The book was published just last month. Please check it out!

Thanks for reading.

- Masaki Kubo