Overview
Explore iOS application security in this 43-minute conference talk by Gregg Ganley, Principal Investigator of iOS Security Research at MITRE Corp. Dive into the iMAS (iOS Mobile Application Security) project, an open-source framework designed to enhance iOS app security beyond Apple's standard model. Learn about common iOS vulnerabilities, iMAS security controls, and their alignment with OWASP Mobile Top 10 and CWE vulnerabilities. Witness a demonstration of the iMAS App Password control integrated into an application. Gain insights into iOS security architecture, forced inlining, Mobile Device Management (MDM) research, and STIG compliance. Understand the project's technical approach, audit findings, and its value for developers seeking to strengthen their iOS applications against potential threats.
Syllabus
Intro
About MITRE
iOS Security Model
Research Scope
Hacking and Jailbreaking iOS
Problem: Standard iOS Application Today
Research Idea: iMAS Secure Application Framework
iOS Security Architecture
iMAS - Security Controls
Security Check Deep Dive
Forced Inlining
Mobile Device Management (MDM) Research
GitHub Use and Value
FY14 Technical Approach and Research
Audit Summary August 2012
STIG Compliance: Security Technical Implementation Guide
Third Party Audit
Taught by
OWASP Foundation