iphone application security course overview
TRANSCRIPT
2 http://www.securitylearn.net
Course Content
Introduction to Mobile applications
Mobile Application Security
Types of Mobile Applications
Mobile Application architectures
Comparison between iPhone, Android & Blackberry applications
Mobile Malware
iOS Architecture
iTunes
OS Upgrading/Downgrading/Restoring
iOS Internals – Kernel, RamDisk
iOS Layers
File System
Permission model
iOS Backups
Comparison with Android Architecture
iOS Security features
Code Signing
Passcode protection
Data Protection/ Protection classes
Sand Boxing
ASLR/DEP
Data Wipe
Encrypted Backups
Comparison with Android Security Features
iOS Security loop holes
JailBreaking
Unlocking
Hactivation
Breaking Data protection/sand boxing
iOS Application distribution models
Device distribution
Adhoc distribution
OTA distribution
In-house distribution
AppStore distribution
3 http://www.securitylearn.net
Pentest environment setup
iGoat setup
iOS simulator Vs iOS devices
iOS Application traffic analysis
Capturing HTTP traffic
MITM SSL Traffic
Custom protocol analysis
Overview of Web Application attacks
Security Best practices
Local Data Storage analysis
Property lists
Keychain – Sqlite database
Web Kit Storage
Cookies
Custom encrypted files
Security Best practices
Data caching
Screenshots
Keyboard cache
Security Best practices
URL Schemes
Implementation of URL Schemes
Security Best practices
Facebook URL Scheme analysis
Reverse engineering iPhone Applications
Decrypting iPhone Apps
Run time debugging with GNU Debugger
Secure practices
Restricting JailBreak
Demo - Twitter
Major mobile application threats
OWASP Top 10 mobile application risks
Veracode Top 10 mobile application riks
Push notifications
Understanding push notifications
Secure Implementation
4 http://www.securitylearn.net
iPhone Passcode Bypass
Data recovery techniques
iPhone Backup analysis
Reading backups
Encrypting & Decrypting backups
Security Loopholes
Enterprise iPhone Application security
iPhone Application Security Checklist
Contact
Satish B
Email: [email protected]