iOS
Work in progress
XOX
title: iOS security design and secure coding
audience: XOX
duration: 1 XL day (7hrs education time)
developed by: Zsombor Kovács
We assume that the developers attending the iOS secdev course:
are familiar with with the mobile apps development process and technologies
have a suitable IDE installed on their laptop (labs desktop)
a physical Apple computer
the latest Xcode with the corresponding SDKs
Apple Developer Account with a distribution profile
test devices that are included in the installed distribution profile
'Into the middle of things' demo: "Bugs and flaws in your app help bad guys"
Security mechanisms in iOS
Application signing in iOS
Common design patterns
Architecture of an iOS app
Secure API design
Designing a reasonable communication flow
iOS storage encryption
Protection classes, storage formats and security implications
Data storage and backups
Logging
Hands-on: (in)secure storage in applications
App Transport Security
Certificate pinning
Hands-on: certificate pinning implementation and bypass
Custom protocol handlers
Hands-on: attacking and securing an insecure custom protocol handler
Secure crypto implementation
Hands-on: insecure crypto examples and hardcoded encryption key extraction
Swift
Objective C
Non-native/hybrid app development: Flutter, React, etc.
Jailbreaking, implications of running on a jailbroken device
Dynamic hooking and method swizzling
Hands-on: bypassing jailbreak detection in several ways
Lead trainer:
Co-trainer: