Learning iOS penetration testing secure your iOS applications and uncover hidden vulnerabilities by conducting penetration tests

Bibliographic Details
Main Author: Yermalkar, Swaroop
Other Authors: Peterson, Gunnar (author of foreword)
Format: eBook
Language: English
Published: Birmingham Packt Publishing 2016
Series: Community experience distilled
Collection: O'Reilly - Collection details see MPG.ReNa
Table of Contents:
  • Cover; Copyright; Credits; Foreword
  • Why Mobile Security Matters; About the Author; About the Reviewer; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing iOS Application Security; Basics of iOS and application development; Developing your first iOS app; Running apps on iDevice; iOS MVC design; iOS security model; iOS secure boot chain; iOS application signing; iOS application sandboxing; OWASP Top 10 Mobile Risks; Weak server-side controls; Insecure data storage; Insufficient transport layer protection; Side channel data leakage; Poor authorization and authentication
  • Broken cryptography; Client-side injection; Security decisions via untrusted input; Improper session handling; Lack of binary protections; Summary; Chapter 2: Setting up Lab for iOS App Pentesting; Need for jailbreaking; What is jailbreak?; Types of jailbreaks; Hardware and software requirements; Jailbreaking iDevice; Adding sources to Cydia; Connecting with iDevice; Transferring files to iDevice; Connecting to iDevice using VNC; Installing utilities on iDevice; Installing idb tool; Installing apps on iDevice; Pentesting using iOS Simulator; Summary
  • Chapter 3: Identifying the Flaws in Local Storage; Introduction to insecure data storage; Installing third-party applications; Insecure data in the plist files; Insecure storage in the NSUserDefaults class; Insecure storage in SQLite database; SQL injection in iOS applications; Insecure storage in Core Data; Insecure storage in keychain; Summary; Chapter 4: Traffic Analysis for iOS Application; Intercepting traffic over HTTP; Intercepting traffic over HTTPS; Intercepting traffic of iOS Simulator; Web API attack demo; Bypassing SSL pinning; Summary
  • Chapter 5: Sealing up Side Channel Data Leakage; Data leakage via application screenshot; Pasteboard leaking sensitive information; Device logs leaking application sensitive data; Keyboard cache capturing sensitive data; Summary; Chapter 6: Analyzing iOS Binary Protections; Decrypting unsigned iOS applications; Decrypting signed iOS applications; Analyzing code by reverse engineering; Analyzing iOS binary; Hardening binary against reverse engineering; Summary; Chapter 7: The iOS App Dynamic Analysis; Understanding Objective-C runtime; Dynamic analysis using Cycript
  • Runtime analysis using Snoop-it; Dynamic analysis on iOS Simulator; Summary; Chapter 8: iOS Exploitation; Setting up exploitation lab; Shell bind TCP for iOS; Shell reverse TCP for iOS; Creating iOS backdoor; Converting iDevice to a pentesting device; Summary; Chapter 9: Introducing iOS Forensics; Basics of iOS forensics; The iPhone hardware; The iOS filesystem; Physical acquisition; Data backup acquisition; iOS forensics tools walkthrough; Elcomsoft iOS Forensic Toolkit (EIFT); Open source and free tools; Summary; Index