iOS application security: the definitive guide for hackers and developers
iOS Application Security covers everything you need to know to design secure iOS apps from the ground up and keep users' data safe.
Other Authors: | , |
---|---|
Format: | E-book |
Language: | English |
Published: | San Francisco, California : No Starch Press, 2016. |
Edition: | 1st edition |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630104006719 |
Table of Contents:
- About the Author ; About the Technical Reviewer ; Brief Contents ; Contents in Detail ; Foreword by Alex Stamos ; Acknowledgments ; Introduction ; Who This Book Is For ; What's in This Book ; How This Book Is Structured ; Conventions This Book Follows ; A Note on Swift ; Mobile Security Promises and Threats ; What Mobile Apps Shouldn't Be Able to Do ; Classifying Mobile Security Threats in This Book ; Some Notes for iOS Security Testers ; Part I: iOS Fundamentals ; Chapter 1: The iOS Security Model ; Secure Boot ; Limiting Access with the App Sandbox
- Data Protection and Full-Disk Encryption ; The Encryption Key Hierarchy ; The Keychain API ; The Data Protection API ; Native Code Exploit Mitigations: ASLR, XN, and Friends ; Jailbreak Detection ; How Effective Is App Store Review? ; Bridging from WebKit ; Dynamic Patching ; Intentionally Vulnerable Code ; Embedded Interpreters ; Closing Thoughts ; Chapter 2: Objective-C for the Lazy ; Key iOS Programming Technology ; Passing Messages ; Dissecting an Objective-C Program ; Declaring an Interface ; Inside an Implementation File ; Specifying Callbacks with Blocks ; How Objective-C Manages Memory
- Automatic Reference Counting ; Delegates and Protocols ; Should Messages ; Will Messages ; Did Messages ; Declaring and Conforming to Protocols ; The Dangers of Categories ; Method Swizzling ; Closing Thoughts ; Chapter 3: iOS Application Anatomy ; Dealing with plist Files ; Device Directories ; The Bundle Directory ; The Data Directory ; The Documents and Inbox Directories ; The Library Directory ; The tmp Directory ; The Shared Directory ; Closing Thoughts ; Part II: Security Testing ; Chapter 4: Building Your Test Platform ; Taking Off the Training Wheels ; Suggested Testing Devices
- Testing with a Device vs. Using a Simulator ; Network and Proxy Setup ; Bypassing TLS Validation ; Bypassing SSL with stunnel ; Certificate Management on a Device ; Proxy Setup on a Device ; Xcode and Build Setup ; Make Life Difficult ; Enabling Full ASLR ; Clang and Static Analysis ; Address Sanitizer and Dynamic Analysis ; Monitoring Programs with Instruments ; Activating Instruments ; Watching Filesystem Activity with Watchdog ; Closing Thoughts ; Chapter 5: Debugging with lldb and Friends ; Useful Features in lldb ; Working with Breakpoints ; Navigating Frames and Variables
- Visually Inspecting Objects ; Manipulating Variables and Properties ; Breakpoint Actions ; Using lldb for Security Analysis ; Fault Injection ; Tracing Data ; Examining Core Frameworks ; Closing Thoughts ; Chapter 6: Black-Box Testing ; Installing Third-Party Apps ; Using a .app Directory ; Using a .ipa Package File ; Decrypting Binaries ; Launching the debugserver on the Device ; Locating the Encrypted Segment ; Dumping Application Memory ; Reverse Engineering from Decrypted Binaries ; Inspecting Binaries with otool ; Obtaining Class Information with class-dump
- Extracting Data from Running Programs with Cycript