Learning iOS penetration testing :
Yermalkar, Swaroop,
Learning iOS penetration testing : secure your iOS applications and uncover hidden vunerabilities by conducting penetration tests / Swaroop Yermalkar ; foreward by Gunnar Peterson. - 1 online resource : illustrations. - Community experience distilled . - Community experience distilled. .
Includes index.
Cover; Copyright; Credits; Foreword -- Why MobileSecurity Matters; About the Author; About the Reviewer; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing iOS Application Security; Basics of iOS and application development; Developing your first iOS app; Running apps on iDevice; iOS MVC design; iOS security model; iOS secure boot chain; iOS application signing; iOS application sandboxing; OWASP Top 10 Mobile Risks; Weak server-side controls; Insecure data storage; Insufficient transport layer protection; Side channel data leakage; Poor authorization and authentication Broken cryptographyClient-side injection; Security decisions via untrusted input; Improper session handling; Lack of binary protections; Summary; Chapter 2: Setting up Lab for iOS App Pentesting; Need for jailbreaking; What is jailbreak?; Types of jailbreaks; Hardware and software requirements; Jailbreaking iDevice; Adding sources to Cydia; Connecting with iDevice; Transferring files to iDevice; Connecting to iDevice using VNC; Installing utilities on iDevice; Installing idb tool; Installing apps on iDevice; Pentesting using iOS Simulator; Summary Chapter 3: Identifying the Flaws in Local StorageIntroduction to insecure data storage; Installing third-party applications; Insecure data in the plist files; Insecure storage in the NSUserDefaults class; Insecure storage in SQLite database; SQL injection in iOS applications; Insecure storage in Core Data; Insecure storage in keychain; Summary; Chapter 4: Traffic Analysis for iOS Application; Intercepting traffic over HTTP; Intercepting traffic over HTTPS; Intercepting traffic of iOS Simulator; Web API attack demo; Bypassing SSL pinning; Summary Chapter 5: Sealing up Side Channel Data LeakageData leakage via application screenshot; Pasteboard leaking sensitive information; Device logs leaking application sensitive data; Keyboard cache capturing sensitive data; Summary; Chapter 6: Analyzing iOS Binary Protections; Decrypting unsigned iOS applications; Decrypting signed iOS applications; Analyzing code by reverse engineering; Analyzing iOS binary; Hardening binary against reverse engineering; Summary; Chapter 7: The iOS App Dynamic Analysis; Understanding Objective-C runtime; Dynamic analysis using Cycript Runtime analysis using Snoop-itDynamic analysis on iOS Simulator; Summary; Chapter 8: iOS Exploitation; Setting up exploitation lab; Shell bind TCP for iOS; Shell reverse TCP for iOS; Creating iOS backdoor; Converting iDevice to a pentesting device; Summary; Chapter 9: Introducing iOS Forensics; Basics of iOS forensics; The iPhone hardware; The iOS filesystem; Physical acquisition; Data backup acquisition; iOS forensics tools walkthrough; Elcomsoft iOS Forensic Toolkit (EIFT); Open source and free tools; Summary; Index
Annotation Secure your iOS applications and uncover hidden vulnerabilities by conducting penetration testsAbout This Book Achieve your goal to secure iOS devices and applications with the help of this fast paced manual Find vulnerabilities in your iOS applications and fix them with the help of this example-driven guide Acquire the key skills that will easily help you to perform iOS exploitation and forensics with greater confidence and a stronger understandingWho This Book Is ForThis book is for IT security professionals who want to conduct security testing of applications. This book will give you exposure to diverse tools to perform penetration testing. This book will also appeal to iOS developers who would like to secure their applications, as well as security professionals. It is easy to follow for anyone without experience of iOS pentesting. What You Will Learn Understand the basics of iOS app development, deployment, security architecture, application signing, application sandboxing, and OWASP TOP 10 for mobile Set up your lab for iOS app pentesting and identify sensitive information stored locally Perform traffic analysis of iOS devices and catch sensitive data being leaked by side channels Modify an application's behavior using runtime analysis Analyze an application's binary for security protection Acquire the knowledge required for exploiting iOS devices Learn the basics of iOS forensicsIn DetailiOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing. Style and approachThis fast-paced and practical guide takes a step-by-step approach to penetration testing with the goal of helping you secure your iOS devices and apps quickly.
9781785886799 1785886797 1785883259 9781785883255
9781785883255
CL0500000707 Safari Books Online
iOS (Electronic resource)
IOS (Electronic resource)
Penetration testing (Computer security)
COMPUTERS--Computer Science.
Penetration testing (Computer security)
Electronic books.
QA76.9.A25
005.8
Learning iOS penetration testing : secure your iOS applications and uncover hidden vunerabilities by conducting penetration tests / Swaroop Yermalkar ; foreward by Gunnar Peterson. - 1 online resource : illustrations. - Community experience distilled . - Community experience distilled. .
Includes index.
Cover; Copyright; Credits; Foreword -- Why MobileSecurity Matters; About the Author; About the Reviewer; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing iOS Application Security; Basics of iOS and application development; Developing your first iOS app; Running apps on iDevice; iOS MVC design; iOS security model; iOS secure boot chain; iOS application signing; iOS application sandboxing; OWASP Top 10 Mobile Risks; Weak server-side controls; Insecure data storage; Insufficient transport layer protection; Side channel data leakage; Poor authorization and authentication Broken cryptographyClient-side injection; Security decisions via untrusted input; Improper session handling; Lack of binary protections; Summary; Chapter 2: Setting up Lab for iOS App Pentesting; Need for jailbreaking; What is jailbreak?; Types of jailbreaks; Hardware and software requirements; Jailbreaking iDevice; Adding sources to Cydia; Connecting with iDevice; Transferring files to iDevice; Connecting to iDevice using VNC; Installing utilities on iDevice; Installing idb tool; Installing apps on iDevice; Pentesting using iOS Simulator; Summary Chapter 3: Identifying the Flaws in Local StorageIntroduction to insecure data storage; Installing third-party applications; Insecure data in the plist files; Insecure storage in the NSUserDefaults class; Insecure storage in SQLite database; SQL injection in iOS applications; Insecure storage in Core Data; Insecure storage in keychain; Summary; Chapter 4: Traffic Analysis for iOS Application; Intercepting traffic over HTTP; Intercepting traffic over HTTPS; Intercepting traffic of iOS Simulator; Web API attack demo; Bypassing SSL pinning; Summary Chapter 5: Sealing up Side Channel Data LeakageData leakage via application screenshot; Pasteboard leaking sensitive information; Device logs leaking application sensitive data; Keyboard cache capturing sensitive data; Summary; Chapter 6: Analyzing iOS Binary Protections; Decrypting unsigned iOS applications; Decrypting signed iOS applications; Analyzing code by reverse engineering; Analyzing iOS binary; Hardening binary against reverse engineering; Summary; Chapter 7: The iOS App Dynamic Analysis; Understanding Objective-C runtime; Dynamic analysis using Cycript Runtime analysis using Snoop-itDynamic analysis on iOS Simulator; Summary; Chapter 8: iOS Exploitation; Setting up exploitation lab; Shell bind TCP for iOS; Shell reverse TCP for iOS; Creating iOS backdoor; Converting iDevice to a pentesting device; Summary; Chapter 9: Introducing iOS Forensics; Basics of iOS forensics; The iPhone hardware; The iOS filesystem; Physical acquisition; Data backup acquisition; iOS forensics tools walkthrough; Elcomsoft iOS Forensic Toolkit (EIFT); Open source and free tools; Summary; Index
Annotation Secure your iOS applications and uncover hidden vulnerabilities by conducting penetration testsAbout This Book Achieve your goal to secure iOS devices and applications with the help of this fast paced manual Find vulnerabilities in your iOS applications and fix them with the help of this example-driven guide Acquire the key skills that will easily help you to perform iOS exploitation and forensics with greater confidence and a stronger understandingWho This Book Is ForThis book is for IT security professionals who want to conduct security testing of applications. This book will give you exposure to diverse tools to perform penetration testing. This book will also appeal to iOS developers who would like to secure their applications, as well as security professionals. It is easy to follow for anyone without experience of iOS pentesting. What You Will Learn Understand the basics of iOS app development, deployment, security architecture, application signing, application sandboxing, and OWASP TOP 10 for mobile Set up your lab for iOS app pentesting and identify sensitive information stored locally Perform traffic analysis of iOS devices and catch sensitive data being leaked by side channels Modify an application's behavior using runtime analysis Analyze an application's binary for security protection Acquire the knowledge required for exploiting iOS devices Learn the basics of iOS forensicsIn DetailiOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing. Style and approachThis fast-paced and practical guide takes a step-by-step approach to penetration testing with the goal of helping you secure your iOS devices and apps quickly.
9781785886799 1785886797 1785883259 9781785883255
9781785883255
CL0500000707 Safari Books Online
iOS (Electronic resource)
IOS (Electronic resource)
Penetration testing (Computer security)
COMPUTERS--Computer Science.
Penetration testing (Computer security)
Electronic books.
QA76.9.A25
005.8