Andaira Technology

 

iOS Security  


Certification: N/A

Accreditation: N/A

Duration: 2 days

Material language: English

Format: In-person

Credits: N/A

Introduction:

iOS is a mobile operating system distributed exclusively for Apple hardware and designed with security at its core. Key security features, including sandboxing, native language exploit mitigations and hardware-supported encryption, offer a very effective environment for secure software development. The devil, however, is in the details: a programmer can still make plenty of mistakes that leave the resulting apps vulnerable. This course introduces the iOS security model and the use of its various components, and also covers vulnerabilities and attacks, focusing on mitigation techniques and best practices to avoid them.

Recommended for programmers developing apps who want to understand the security features of iOS as well as the typical mistakes one can make on this platform.

Audience:

iOS application developers, architects and testers

Objectives:

Individuals certified at this level will have demonstrated:

  • Understand basic concepts of security, IT security and secure coding
  • Learn the security solutions on iPhone
  • Learn to use various security features of iOS
  • Get information about some recent vulnerabilities of iOS
  • Learn about typical coding mistakes and how to avoid them
  • Get practical knowledge in using security testing tools
  • Get sources and further reading on secure coding practices

Prerequisites:

None

Course materials:

You will receive the following as part of this course:

  • A participant handbook with reference materials
  • Virtual machine with the exercises (to be distributed by the instructor on a USB drive)

Exam:

There are no exams associated with this course.

Technical requirements:

A preinstalled exercise environment in the form of a desktop virtual machine will be distributed to the participants on USB sticks by the instructor at the start of the course.

Hardware and software specifications for the host PCs used are:

  • CPU equivalent to Core i5 with virtualization technology is recommended, minimum is Core i3 (or equivalent laptop processors)
  • RAM: 4GB is recommended, minimum is 2GB
  • At least 20 GB free space on the HDD
  • Display resolution minimum 1024×768 (the larger the better)
  • Keyboard, mouse: any can be used as long as participants are familiar with them.
  • VMware Player: minimum version is 3.2, preferred is 5.0.4

Syllabus:

IT security and secure coding

  • Nature of security
  • IT security related terms
  • Definition of risk
  • IT security vs. secure coding
  • From vulnerabilities to botnets and cybercrime
  • Classification of security flaws

iOS security overview

  • Evolution of iOS security features
  • iOS architecture
  • iOS sandboxing and app interactions
  • Securing data storage
  • Deploying applications

Application security

  • iOS permissions
  • Writing secure iOS applications
  • Protecting applications
  • Cryptography
  • Digital Rights Management (DRM)
  • iOS-specific vulnerabilities and bugs
  • Reverse engineering and debugging

Buffer overflow protection on iOS

  • ARM architecture
  • Buffer overflow
  • Protection techniques and their circumvention
  • Input validation
  • Improper use of security features
  • Insecure randomness
  • Improper error and exception handling
  • Time and state problems
  • Code quality problems
  • Testing iOS code

Knowledge sources

  • Secure coding sources – a starter kit
  • Vulnerability databases