New iOS Security Book Recommendation: iOS Application Security

Datetime: 2016-08-22 23:26:49 | Topic: iOS Development

(Includes a PDF download of Chapter 4)

Full PDF, Mobi, and ePub Ebooks Available Now!

Download Chapter 4: Building Your Test Platform

“The most thorough and thoughtful treatment of iOS security that you can find today.”

—Alex Stamos, Chief Security Officer at Facebook

“David Thiel is the most skilled and knowledgeable iOS security researcher that I’ve worked with. David’s advice for developing secure iOS applications has been indispensable to my organization.”

—Brandon Sterne, Director of Security Engineering, Workday, Inc.

Eliminating security holes in iOS apps is critical for any developer who wants to protect their users from the bad guys. In iOS Application Security, mobile security expert David Thiel reveals common iOS coding mistakes that create serious security problems and shows you how to find and fix them.

After a crash course on iOS application structure and Objective-C design patterns, you’ll move on to spotting bad code and plugging the holes. You’ll learn about:

  • The iOS security model and the limits of its built-in protections
  • The myriad ways sensitive data can leak into places it shouldn’t, such as through the pasteboard
  • How to implement encryption with the Keychain, the Data Protection API, and CommonCrypto
  • Legacy flaws from C that still cause problems in modern iOS applications
  • Privacy issues related to gathering user data and how to mitigate potential pitfalls

Don’t let your app’s security leak become another headline. Whether you’re looking to bolster your app’s defenses or hunting bugs in other people’s code, iOS Application Security will help you get the job done well.

About the Author

David Thiel has nearly 20 years of computer security experience. His research and book Mobile Application Security (McGraw-Hill) helped launch the field of iOS application security, and he has presented his work at security conferences like Black Hat and DEF CON. An application security consultant for years at iSEC Partners, Thiel now works for the Internet.org Connectivity Lab.

Table of Contents

Introduction

PART I: IOS FUNDAMENTALS

Chapter 1: The iOS Security Model

Chapter 2: Objective-C for the Lazy

Chapter 3: iOS Application Anatomy

PART II: SECURITY TESTING

Chapter 4: Building Your Test Platform

Chapter 5: Debugging with lldb and Friends

Chapter 6: Black-Box Testing

PART III: SECURITY QUIRKS OF THE COCOA API

Chapter 7: iOS Networking

Chapter 8: Interprocess Communication

Chapter 9: iOS-Targeted Web Apps

Chapter 10: Data Leakage

Chapter 11: Legacy Issues and Baggage from C

Chapter 12: Injection Attacks

PART IV: KEEPING DATA SAFE

Chapter 13: Encryption and Authentication

Chapter 14: Mobile Privacy Concerns

View the detailed Table of Contents (PDF)

View the Index (PDF)

“iOS Application Security offers an excellent foundation for anyone interested in ethical hacking on mobile platforms. This is going to be a growing sector of the penetration testing industry, as mobile devices assume an ever-greater importance in corporate IT estates.”

Network Security Newsletter

“Worthy read and covers a lot of ground in 200ish pages. Well recommended.”

Michael Howard, author of Writing Secure Code

“A major asset to any iOS developer who wants to ensure his app’s ability to protect a user’s data. I would highly recommend anyone interested in the field of iOS app security to take a close look at iOS Application Security.”

MacTrast




