Learning iOS Penetration Testing

Secure your iOS applications and uncover hidden vulnerabilities by conducting penetration tests

Learning iOS Penetration Testing

Swaroop Yermalkar

1 customer reviews
Secure your iOS applications and uncover hidden vulnerabilities by conducting penetration tests
Mapt Subscription
FREE
$29.99/m after trial
eBook
$22.40
RRP $31.99
Print + eBook
$39.99
RRP $39.99
What do I get with a Mapt Pro subscription?
  • Unlimited access to all Packt’s 5,000+ eBooks and Videos
  • Early Access content, Progress Tracking, and Assessments
  • 1 Free eBook or Video to download and keep every month after trial
What do I get with an eBook?
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with Print & eBook?
  • Get a paperback copy of the book delivered to you
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with a Video?
  • Download this Video course in MP4 format
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
$0.00
$22.40
$39.99
$29.99p/m after trial
RRP $31.99
RRP $39.99
Subscription
eBook
Print + eBook
Start 30 Day Trial
Subscribe and access every Packt eBook & Video.
 
  • 5,000+ eBooks & Videos
  • 50+ New titles a month
  • 1 Free eBook/Video to keep every month
Start Free Trial
 
Preview in Mapt

Book Details

ISBN 139781785883255
Paperback204 pages

Book Description

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks.

Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications.

This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.

Table of Contents

Chapter 1: Introducing iOS Application Security
Basics of iOS and application development
Developing your first iOS app
Running apps on iDevice
iOS MVC design
iOS security model
iOS secure boot chain
iOS application signing
iOS application sandboxing
OWASP Top 10 Mobile Risks
Summary
Chapter 2: Setting up Lab for iOS App Pentesting
Need for jailbreaking
Jailbreaking iDevice
Connecting with iDevice
Installing utilities on iDevice
Installing apps on iDevice
Pentesting using iOS Simulator
Summary
Chapter 3: Identifying the Flaws in Local Storage
Introduction to insecure data storage
Installing third-party applications
Insecure data in the plist files
Insecure storage in the NSUserDefaults class
Insecure storage in SQLite database
SQL injection in iOS applications
Insecure storage in Core Data
Insecure storage in keychain
Summary
Chapter 4: Traffic Analysis for iOS Application
Intercepting traffic over HTTP
Intercepting traffic over HTTPS
Intercepting traffic of iOS Simulator
Web API attack demo
Bypassing SSL pinning
Summary
Chapter 5: Sealing up Side Channel Data Leakage
Data leakage via application screenshot
Pasteboard leaking sensitive information
Device logs leaking application sensitive data
Keyboard cache capturing sensitive data
Summary
Chapter 6: Analyzing iOS Binary Protections
Decrypting unsigned iOS applications
Decrypting signed iOS applications
Analyzing code by reverse engineering
Analyzing iOS binary
Hardening binary against reverse engineering
Summary
Chapter 7: The iOS App Dynamic Analysis
Understanding Objective-C runtime
Dynamic analysis using Cycript
Runtime analysis using Snoop-it
Dynamic analysis on iOS Simulator
Summary
Chapter 8: iOS Exploitation
Setting up exploitation lab
Shell bind TCP for iOS
Shell reverse TCP for iOS
Creating iOS backdoor
Converting iDevice to a pentesting device
Summary
Chapter 9: Introducing iOS Forensics
Basics of iOS forensics
The iPhone hardware
The iOS filesystem
Physical acquisition
Data backup acquisition
iOS forensics tools walkthrough
Summary

What You Will Learn

  • Understand the basics of iOS app development, deployment, security architecture, application signing, application sandboxing, and OWASP TOP 10 for mobile
  • Set up your lab for iOS app pentesting and identify sensitive information stored locally
  • Perform traffic analysis of iOS devices and catch sensitive data being leaked by side channels
  • Modify an application’s behavior using runtime analysis
  • Analyze an application’s binary for security protection
  • Acquire the knowledge required for exploiting iOS devices
  • Learn the basics of iOS forensics

Authors

Table of Contents

Chapter 1: Introducing iOS Application Security
Basics of iOS and application development
Developing your first iOS app
Running apps on iDevice
iOS MVC design
iOS security model
iOS secure boot chain
iOS application signing
iOS application sandboxing
OWASP Top 10 Mobile Risks
Summary
Chapter 2: Setting up Lab for iOS App Pentesting
Need for jailbreaking
Jailbreaking iDevice
Connecting with iDevice
Installing utilities on iDevice
Installing apps on iDevice
Pentesting using iOS Simulator
Summary
Chapter 3: Identifying the Flaws in Local Storage
Introduction to insecure data storage
Installing third-party applications
Insecure data in the plist files
Insecure storage in the NSUserDefaults class
Insecure storage in SQLite database
SQL injection in iOS applications
Insecure storage in Core Data
Insecure storage in keychain
Summary
Chapter 4: Traffic Analysis for iOS Application
Intercepting traffic over HTTP
Intercepting traffic over HTTPS
Intercepting traffic of iOS Simulator
Web API attack demo
Bypassing SSL pinning
Summary
Chapter 5: Sealing up Side Channel Data Leakage
Data leakage via application screenshot
Pasteboard leaking sensitive information
Device logs leaking application sensitive data
Keyboard cache capturing sensitive data
Summary
Chapter 6: Analyzing iOS Binary Protections
Decrypting unsigned iOS applications
Decrypting signed iOS applications
Analyzing code by reverse engineering
Analyzing iOS binary
Hardening binary against reverse engineering
Summary
Chapter 7: The iOS App Dynamic Analysis
Understanding Objective-C runtime
Dynamic analysis using Cycript
Runtime analysis using Snoop-it
Dynamic analysis on iOS Simulator
Summary
Chapter 8: iOS Exploitation
Setting up exploitation lab
Shell bind TCP for iOS
Shell reverse TCP for iOS
Creating iOS backdoor
Converting iDevice to a pentesting device
Summary
Chapter 9: Introducing iOS Forensics
Basics of iOS forensics
The iPhone hardware
The iOS filesystem
Physical acquisition
Data backup acquisition
iOS forensics tools walkthrough
Summary

Book Details

ISBN 139781785883255
Paperback204 pages
Read More
From 1 reviews

Read More Reviews