Overview
Explore iOS app security and penetration testing techniques through OWASP iGoat, an open-source self-learning tool for developers and mobile app pentesters. Learn about major security pitfalls in iOS development and how to avoid them through a series of hands-on lessons covering client-server architecture, exploitation techniques, and remediation strategies. Discover the tool's support for various iDevices and iOS versions, and gain insights into setting up iGoat, exploiting the latest vulnerabilities, and contributing to the project. Dive into practical demonstrations of runtime analysis, server-side key storage, URL scheme vulnerabilities, and cloud misconfiguration issues. Understand the challenges enterprises face in mobile app security and how iGoat addresses them through its structured approach to learning and problem-solving.
Syllabus
Intro
About me
Agenda
Why Care
Your Smartphone
WhatsApp
Phone ID
Challenges
Smartphone Robbery
Jailbreak
PIN bruteforce
About iGoat
Challenges for enterprises
Approach
How it works
Best thing about iGoat
How to contribute
Demo Runtime Analysis
Demo
Server-Side Key Storage
URL Scheme
Cloud Misconfiguration
Conclusion
Taught by
OWASP Foundation