Explore the security vulnerabilities of iOS web server apps in this 31-minute conference talk by Bruno Oliveira from OWASP Foundation. Dive into the risks associated with popular file-sharing applications available on the iTunes Store that implement web servers on iOS devices. Learn about the lack of encryption, authentication issues, and potential exploits ranging from cross-site scripting to remote code execution. Discover how these vulnerabilities can be magnified through mDNS queries, making devices easy targets on wireless networks. Gain insights into the differences between jailbroken and non-jailbroken devices, and witness live demonstrations of unpatched vulnerabilities. Understand the implications for iOS security and file system compromise through practical attack scenarios presented by this experienced security consultant.
Hacking Web Server Apps for iOS - Security Risks and Vulnerabilities
Overview
Syllabus
Intro
About me
History
Applications
iTunes Store
The Chase
Not encrypted
No SSL
Variance
Crosssite scripting
Add Webs
Web Server
Vendors
Testing
File Manager
iOS 7 Security
DNS Protocol
World Wide Web
Conclusion
Security
Taught by
OWASP Foundation
