Uncovering OWASP's Mobile Risks in iOS Apps - AppSec California 2015

Uncovering OWASP's Mobile Risks in iOS Apps - AppSec California 2015

OWASP Foundation via YouTube Direct link

AN OUTLINE THE TALK TODAY WILL COVER A SOLID AMOUNT OF MATERIAL

2 of 16

2 of 16

AN OUTLINE THE TALK TODAY WILL COVER A SOLID AMOUNT OF MATERIAL

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Uncovering OWASP's Mobile Risks in iOS Apps - AppSec California 2015

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 AN OUTLINE THE TALK TODAY WILL COVER A SOLID AMOUNT OF MATERIAL
  3. 3 IOS IS DERIVED FROM OS X
  4. 4 REVERSING IS SOMEWHAT NON-TRIVIAL - being an object-oriented language static analysis can be challenging
  5. 5 ARM POWERS MOBILE PROCESSORS EVERYWHERE - IOS DEVICES RUN ON PROCESSORS BASED ON THE ARM ARCHITECTURE
  6. 6 ARM ARCHITECTURE ON (MODERN) 32-BIT CPUS
  7. 7 ARM ARCHITECTURE ON 64-BIT CPUS
  8. 8 AUTOMATED APP GRABBING
  9. 9 REMOVING ENCRYPTION
  10. 10 OTOOL OTOOL OBJECT FILE DISPLAYING TOOL
  11. 11 CLASS-DUMP
  12. 12 IDA PRO IDA IS THE DE-FACTO REVERSING TOOL
  13. 13 DYNAMIC ANALYSIS OF IOS APPS
  14. 14 SPOTTING A VULNERABILITY STATICALLY
  15. 15 SPOTTING A VULNERABILITY DYNAMICALLY
  16. 16 SPOTTING A VULNERABILITY - scope out the disassembly or dump the user defaults plist

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.