eBook - ePub
Learning iOS Penetration Testing
Swaroop Yermalkar
This is a test
Compartir libro
- 204 páginas
- English
- ePUB (apto para móviles)
- Disponible en iOS y Android
eBook - ePub
Learning iOS Penetration Testing
Swaroop Yermalkar
Detalles del libro
Vista previa del libro
Índice
Citas
Información del libro
Secure your iOS applications and uncover hidden vulnerabilities by conducting penetration tests
About This Book
- Achieve your goal to secure iOS devices and applications with the help of this fast paced manual
- Find vulnerabilities in your iOS applications and fix them with the help of this example-driven guide
- Acquire the key skills that will easily help you to perform iOS exploitation and forensics with greater confidence and a stronger understanding
Who This Book Is For
This book is for IT security professionals who want to conduct security testing of applications. This book will give you exposure to diverse tools to perform penetration testing. This book will also appeal to iOS developers who would like to secure their applications, as well as security professionals. It is easy to follow for anyone without experience of iOS pentesting.
What You Will Learn
- Understand the basics of iOS app development, deployment, security architecture, application signing, application sandboxing, and OWASP TOP 10 for mobile
- Set up your lab for iOS app pentesting and identify sensitive information stored locally
- Perform traffic analysis of iOS devices and catch sensitive data being leaked by side channels
- Modify an application's behavior using runtime analysis
- Analyze an application's binary for security protection
- Acquire the knowledge required for exploiting iOS devices
- Learn the basics of iOS forensics
In Detail
iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks.
Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications.
This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Style and approach
This fast-paced and practical guide takes a step-by-step approach to penetration testing with the goal of helping you secure your iOS devices and apps quickly.
Preguntas frecuentes
¿Cómo cancelo mi suscripción?
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Learning iOS Penetration Testing un PDF/ePUB en línea?
Sí, puedes acceder a Learning iOS Penetration Testing de Swaroop Yermalkar en formato PDF o ePUB, así como a otros libros populares de Computer Science y Cyber Security. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.
Información
Learning iOS Penetration Testing
Table of Contents
Learning iOS Penetration Testing
Credits
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Introducing iOS Application Security
Basics of iOS and application development
Developing your first iOS app
Running apps on iDevice
iOS MVC design
iOS security model
iOS secure boot chain
iOS application signing
iOS application sandboxing
OWASP Top 10 Mobile Risks
Weak server-side controls
Insecure data storage
Insufficient transport layer protection
Side channel data leakage
Poor authorization and authentication
Broken cryptography
Client-side injection
Security decisions via untrusted input
Improper session handling
Lack of binary protections
Summary
2. Setting up Lab for iOS App Pentesting
Need for jailbreaking
What is jailbreak?
Types of jailbreaks
Hardware and software requirements
Jailbreaking iDevice
Adding sources to Cydia
Connecting with iDevice
Transferring files to iDevice
Connecting to iDevice using VNC
Installing utilities on iDevice
Installing idb tool
Installing apps on iDevice
Pentesting using iOS Simulator
Summary
3. Identifying the Flaws in Local Storage
Introduction to insecure data storage
Installing third-party applications
Insecure data in the plist files
Insecure storage in the NSUserDefaults class
Insecure storage in SQLite database
SQL injection in iOS applications
Insecure storage in Core Data
Insecure storage in keychain
Summary
4. Traffic Analysis for iOS Application
Intercepting traffic over HTTP
Intercepting traffic over HTTPS
Intercepting traffic of iOS Simulator
Web API attack demo
Bypassing SSL pinning
Summary
5. Sealing up Side Channel Data Leakage
Data leakage via application screenshot
Pasteboard leaking sensitive information
Device logs leaking application sensitive data
Keyboard cache capturing sensitive data
Summary
6. Analyzing iOS Binary Protections
Decrypting unsigned iOS applications
Decrypting signed iOS applications
Analyzing code by reverse engineering
Analyzing iOS binary
Hardening binary against reverse engineering
Summary
7. The iOS App Dynamic Analysis
Understanding Objective-C runtime
Dynamic analysis using Cycript
Runtime analysis using Snoop-it
Dynamic analysis on iOS Simulator
Summary
8. iOS Exploitation
Setting up exploitation lab
Shell bind TCP for iOS
Shell reverse TCP for iOS
Creating iOS backdoor
Converting iDevice to a pentesting device
Summary
9. Introducing iOS Forensics
Basics of iOS forensics
The iPhone hardware
The iOS filesystem
Physical acquisition
Data backup acquisition
iOS forensics tools walkthrough
Elcomsoft iOS Forensic Toolkit (EIFT)
Open source and free tools
Summary
Index
Learning iOS Penetration Testing
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: January 2016
Production reference: 1311215
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78588-325-5
www.packtpub.com
Credits
Author
Swaroop Yermalkar
Re...