iOS application security : the definitive guide for hackers and developers

iOS Application Security covers everything you need to know to design secure iOS apps from the ground up and keep users' data safe.

Bibliographic Details
Classification: Electronic Book
Main Author: Thiel, David, 1980- (Author)
Format: Electronic eBook
Language: English
Published: San Francisco, CA : No Starch Press, [2016]
Subjects:
Online Access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • About the Author ; About the Technical Reviewer ; Brief Contents ; Contents in Detail ; Foreword by Alex Stamos ; Acknowledgments ; Introduction ; Who This Book Is For ; What's in This Book ; How This Book Is Structured ; Conventions This Book Follows ; A Note on Swift ; Mobile Security Promises and Threats ; What Mobile Apps Shouldn't Be Able to Do ; Classifying Mobile Security Threats in This Book ; Some Notes for iOS Security Testers ; Part I: iOS Fundamentals ; Chapter 1: The iOS Security Model ; Secure Boot ; Limiting Access with the App Sandbox.
  • Data Protection and Full-Disk Encryption ; The Encryption Key Hierarchy ; The Keychain API ; The Data Protection API ; Native Code Exploit Mitigations: ASLR, XN, and Friends ; Jailbreak Detection ; How Effective Is App Store Review? ; Bridging from WebKit ; Dynamic Patching ; Intentionally Vulnerable Code ; Embedded Interpreters ; Closing Thoughts ; Chapter 2: Objective-C for the Lazy ; Key iOS Programming Technology ; Passing Messages ; Dissecting an Objective-C Program ; Declaring an Interface ; Inside an Implementation File ; Specifying Callbacks with Blocks ; How Objective-C Manages Memory.
  • Automatic Reference Counting ; Delegates and Protocols ; Should Messages ; Will Messages ; Did Messages ; Declaring and Conforming to Protocols ; The Dangers of Categories ; Method Swizzling ; Closing Thoughts ; Chapter 3: iOS Application Anatomy ; Dealing with plist Files ; Device Directories ; The Bundle Directory ; The Data Directory ; The Documents and Inbox Directories ; The Library Directory ; The tmp Directory ; The Shared Directory ; Closing Thoughts ; Part II: Security Testing ; Chapter 4: Building Your Test Platform ; Taking Off the Training Wheels ; Suggested Testing Devices.
  • Testing with a Device vs. Using a Simulator ; Network and Proxy Setup ; Bypassing TLS Validation ; Bypassing SSL with stunnel ; Certificate Management on a Device ; Proxy Setup on a Device ; Xcode and Build Setup ; Make Life Difficult ; Enabling Full ASLR ; Clang and Static Analysis ; Address Sanitizer and Dynamic Analysis ; Monitoring Programs with Instruments ; Activating Instruments ; Watching Filesystem Activity with Watchdog ; Closing Thoughts ; Chapter 5: Debugging with lldb and Friends ; Useful Features in lldb ; Working with Breakpoints ; Navigating Frames and Variables.
  • Visually Inspecting Objects ; Manipulating Variables and Properties ; Breakpoint Actions ; Using lldb for Security Analysis ; Fault Injection ; Tracing Data ; Examining Core Frameworks ; Closing Thoughts ; Chapter 6: Black-Box Testing ; Installing Third-Party Apps ; Using a .app Directory ; Using a .ipa Package File ; Decrypting Binaries ; Launching the debugserver on the Device ; Locating the Encrypted Segment ; Dumping Application Memory ; Reverse Engineering from Decrypted Binaries ; Inspecting Binaries with otool ; Obtaining Class Information with class-dump.