droidcon NYC ’19: Best Practices for Mobile App Security Testing
Mobile apps remain a prime attack vector—and most teams lack structured security testing workflows. This droidcon NYC session distils battle-tested practices for identifying vulnerabilities before they reach production, covering both Android and iOS threat landscapes.
AIU.ac Verdict: Ideal for Android/iOS developers and QA engineers who need practical, immediately applicable security testing techniques. The 32-minute format is punchy but assumes baseline mobile development knowledge; absolute beginners may need supplementary resources on threat modelling fundamentals.
What This Course Covers
The course addresses the critical gap between development velocity and security rigour. You’ll explore threat modelling for mobile contexts, common vulnerability patterns (insecure storage, weak authentication, API exploitation), and hands-on testing methodologies including static analysis, dynamic testing, and penetration testing approaches tailored to mobile constraints.
Expect practical guidance on integrating security testing into CI/CD pipelines, selecting appropriate tools (both open-source and commercial), and communicating findings to non-technical stakeholders. The droidcon NYC perspective brings real-world conference insights—this isn’t theoretical; it’s what production teams are actually doing to harden apps at scale.
Who Is This Course For?
Ideal for:
- Android/iOS Developers: Need to shift security left and understand vulnerability classes before code review.
- Mobile QA & Security Engineers: Building or improving security testing frameworks and want battle-tested methodologies.
- Tech Leads & Engineering Managers: Evaluating security testing maturity and seeking structured approaches for their teams.
May not suit:
- Complete Beginners: Assumes familiarity with mobile development workflows; foundational security concepts aren’t covered.
- Enterprise Security Architects: 32 minutes is insufficient for policy-level decision-making or large-scale compliance frameworks.
Frequently Asked Questions
How long does droidcon NYC ’19: Best Practices for Mobile App Security Testing take?
The course is 32 minutes—designed as a focused session rather than a comprehensive deep-dive. Ideal for busy practitioners who need actionable insights without multi-hour commitment.
Do I need Android or iOS experience to benefit?
Yes. This assumes you’re already shipping or maintaining mobile apps. The content bridges security and development practice, not foundational mobile programming.
Will this cover specific tools like Burp Suite or Frida?
The session focuses on methodology and threat landscape rather than tool-specific walkthroughs. You’ll understand *what* to test and *why*; tool selection depends on your stack and budget.
Is this content still relevant post-2019?
Core vulnerability classes (insecure storage, weak auth, API exploitation) remain constant. However, you should pair this with current threat intelligence—mobile attack surfaces evolve annually.
Course by droidcon NYC on Pluralsight. Duration: 0h 32m. Last verified by AIU.ac: March 2026.
