Learning iOS Penetration Testing. Secure your iOS applications and uncover hidden vulnerabilities by conducting penetration tests

Learning iOS Penetration Testing. Secure your iOS applications and uncover hidden vulnerabilities by conducting penetration tests - Opis

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks.Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications.This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing. Spis treści: 1. Introducing iOS Application Security2. Setting up a lab for iOS application pentesting3. Identifying flaws in local Data Storage4. Traffic analysis for iOS applications5. Sealing up the Side Channel Data Leakage6. Reversing iOS Applications 7. iOS App runtime analysis 8. Exploiting iOS Devices 9. Introducing iOS Forensics O autorze: Swaroop Yermalkar is a leading security researcher and technology evangelist. He is one of the top mobile security researchers worldwide, working with Synack Inc. He has worked as domain consultant in the Security Practice Group at Persistent Systems Ltd, India, where he (...) więcej was responsible for the security research and assessment of web, network, Android and iOS applications. He also gives talks and trainings on wireless and mobile app pentesting at various security conferences such as GroundZero, c0c0n, 0x90, DEFCON Lucknow, and GNUnify. He is acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple bank App, iFixit, and many more for reporting high severity security issues in their mobile apps. He is an active member of null, an open security community in India, and a contributor to the regular meet-up and Humla sessions at the Pune Chapter. He holds various information security certifications, such as SLAE, SMFE, SWSE, CEH, and CHFI. He has written various articles for ClubHACK magazine and also authored a book, An Ethical Guide to Wi-Fi Hacking and Security. He has organized many eminent programs and was the event head of Hackathona national-level hacking competition. He had also worked with the Cyber Crime Cell, Pune, Maharashtra Police in programs such as Cyber Safe Pune. He can be contacted at @swaroopsy on Twitter. mniej