Overview
Explore the intricacies of building and hacking modern iOS apps in this 33-minute conference talk from OWASP Global AppSec Tel Aviv. Delve into the latest security features introduced at Apple's Worldwide Developers Conference and learn how to develop secure iOS and macOS applications. Gain insights from both a developer's and a penetration tester's perspective, including details of previously undisclosed vulnerabilities discovered in Apple's applications. Cover essential topics such as platform and jailbreak realities, Swift myths, binary reverse engineering, data storage security, network communication, and platform interaction. Witness live demonstrations and receive practical takeaways for implementing robust security measures in iOS app development. Understand the importance of quality assurance, dictionary attacks, and resilience requirements in creating secure mobile applications.
Syllabus
Introduction
Platform Myths Reality
Jailbreak Myths Reality
Swift Myths
Test Class
Binary
Reverse
Freedom
Swift Code
Live Demo
Takeaway
Data Storage
Sensitive Data
iCloud Backup
Directory Backup
Credential Provider Extension
Password Policy
Network Communication
Platform Interaction
Takeaways
Quality
Dictionary
Malicious Entry
Demo
Viewer
Yahoo
Resiliency Requirements
AntiTampering
iOS Security Suit
QR Code
Summary
Taught by
OWASP Foundation