Learning iOS penetration testing : secure your iOS applications and uncover hidden vulnerabilities by conducting penetration tests /
Classification: | Electronic Book |
---|---|
Main author: | |
Other authors: | |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham : Packt Publishing, 2016. |
Series: | Community experience distilled. |
Subjects: | |
Online access: | Full text (Requires prior registration with institutional email) |
Table of Contents:
- Cover; Copyright; Credits; Foreword
- Why Mobile Security Matters; About the Author; About the Reviewer; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing iOS Application Security; Basics of iOS and application development; Developing your first iOS app; Running apps on iDevice; iOS MVC design; iOS security model; iOS secure boot chain; iOS application signing; iOS application sandboxing; OWASP Top 10 Mobile Risks; Weak server-side controls; Insecure data storage; Insufficient transport layer protection; Side channel data leakage; Poor authorization and authentication
- Broken cryptography; Client-side injection; Security decisions via untrusted input; Improper session handling; Lack of binary protections; Summary; Chapter 2: Setting up Lab for iOS App Pentesting; Need for jailbreaking; What is jailbreak?; Types of jailbreaks; Hardware and software requirements; Jailbreaking iDevice; Adding sources to Cydia; Connecting with iDevice; Transferring files to iDevice; Connecting to iDevice using VNC; Installing utilities on iDevice; Installing idb tool; Installing apps on iDevice; Pentesting using iOS Simulator; Summary
- Chapter 3: Identifying the Flaws in Local Storage; Introduction to insecure data storage; Installing third-party applications; Insecure data in the plist files; Insecure storage in the NSUserDefaults class; Insecure storage in SQLite database; SQL injection in iOS applications; Insecure storage in Core Data; Insecure storage in keychain; Summary; Chapter 4: Traffic Analysis for iOS Application; Intercepting traffic over HTTP; Intercepting traffic over HTTPS; Intercepting traffic of iOS Simulator; Web API attack demo; Bypassing SSL pinning; Summary
- Chapter 5: Sealing up Side Channel Data Leakage; Data leakage via application screenshot; Pasteboard leaking sensitive information; Device logs leaking application sensitive data; Keyboard cache capturing sensitive data; Summary; Chapter 6: Analyzing iOS Binary Protections; Decrypting unsigned iOS applications; Decrypting signed iOS applications; Analyzing code by reverse engineering; Analyzing iOS binary; Hardening binary against reverse engineering; Summary; Chapter 7: The iOS App Dynamic Analysis; Understanding Objective-C runtime; Dynamic analysis using Cycript
- Runtime analysis using Snoop-it; Dynamic analysis on iOS Simulator; Summary; Chapter 8: iOS Exploitation; Setting up exploitation lab; Shell bind TCP for iOS; Shell reverse TCP for iOS; Creating iOS backdoor; Converting iDevice to a pentesting device; Summary; Chapter 9: Introducing iOS Forensics; Basics of iOS forensics; The iPhone hardware; The iOS filesystem; Physical acquisition; Data backup acquisition; iOS forensics tools walkthrough; Elcomsoft iOS Forensic Toolkit (EIFT); Open source and free tools; Summary; Index