iOS application security: the definitive guide for hackers and developers

Scribed by Thiel, David


Publisher: No Starch Press
Year: 2016
Tongue: English
Leaves: 297
Category: Library


Synopsis


"Covers fundamentals of iOS security and application development including the basics of Objective-C, white and black box testing, how to eliminate data leaks, and iOS penetration testing and evaluation. Includes coverage of iOS 8"

Table of Contents


About the Author
About the Technical Reviewer
Brief Contents
Contents in Detail
Foreword by Alex Stamos
Acknowledgments
Introduction
Who This Book Is For
What's in This Book
How This Book Is Structured
Conventions This Book Follows
A Note on Swift
Mobile Security Promises and Threats
What Mobile Apps Shouldn't Be Able to Do
Classifying Mobile Security Threats in This Book
Some Notes for iOS Security Testers
Part I: iOS Fundamentals
Chapter 1: The iOS Security Model
Secure Boot
Limiting Access with the App Sandbox
Data Protection and Full-Disk Encryption
The Encryption Key Hierarchy
The Keychain API
The Data Protection API
Native Code Exploit Mitigations: ASLR, XN, and Friends
Jailbreak Detection
How Effective Is App Store Review?
Bridging from WebKit
Dynamic Patching
Intentionally Vulnerable Code
Embedded Interpreters
Closing Thoughts
Chapter 2: Objective-C for the Lazy
Key iOS Programming Technology
Passing Messages
Dissecting an Objective-C Program
Declaring an Interface
Inside an Implementation File
Specifying Callbacks with Blocks
How Objective-C Manages Memory
Automatic Reference Counting
Delegates and Protocols
Should Messages
Will Messages
Did Messages
Declaring and Conforming to Protocols
The Dangers of Categories
Method Swizzling
Closing Thoughts
Chapter 3: iOS Application Anatomy
Dealing with plist Files
Device Directories
The Bundle Directory
The Data Directory
The Documents and Inbox Directories
The Library Directory
The tmp Directory
The Shared Directory
Closing Thoughts
Part II: Security Testing
Chapter 4: Building Your Test Platform
Taking Off the Training Wheels
Suggested Testing Devices
Testing with a Device vs. Using a Simulator
Network and Proxy Setup
Bypassing TLS Validation
Bypassing SSL with stunnel
Certificate Management on a Device
Proxy Setup on a Device
Xcode and Build Setup
Make Life Difficult
Enabling Full ASLR
Clang and Static Analysis
Address Sanitizer and Dynamic Analysis
Monitoring Programs with Instruments
Activating Instruments
Watching Filesystem Activity with Watchdog
Closing Thoughts
Chapter 5: Debugging with lldb and Friends
Useful Features in lldb
Working with Breakpoints
Navigating Frames and Variables
Visually Inspecting Objects
Manipulating Variables and Properties
Breakpoint Actions
Using lldb for Security Analysis
Fault Injection
Tracing Data
Examining Core Frameworks
Closing Thoughts
Chapter 6: Black-Box Testing
Installing Third-Party Apps
Using a .app Directory
Using a .ipa Package File
Decrypting Binaries
Launching the debugserver on the Device
Locating the Encrypted Segment
Dumping Application Memory
Reverse Engineering from Decrypted Binaries
Inspecting Binaries with otool
Obtaining Class Information with class-dump

Subjects


Application software--Development; iPad (Computer)--Security measures; iPhone (Smartphone)--Mobile apps--Security measures; Mobile computing--Security measures; Objective-C (Computer program language); iOS (Electronic resource)

