Explore iOS Swift application penetration testing techniques in this 15-minute conference talk from AppSecUSA 2018. Learn how to identify security vulnerabilities in Swift applications and implement effective defense strategies using the OWASP iGoat project. Discover recent case studies of critical findings in iOS apps, addressing key issues such as encryption key management and code obfuscation. Gain insights into the differences between pentesting Swift and Objective-C applications, and understand how to apply OWASP Top 10 principles to mobile app security. Dive into the newly released Swift version of OWASP iGoat and enhance your skills in iOS app security testing, from basics to advanced levels.
Pentesting Swift Application with OWASP iGoat
Overview
Syllabus
Introduction
Agenda
Interactive
Why Mobile Security
Mobile Traffic
Security Focus
Critical Findings
AWS References
AWS Keys
EC2 Instance
Second Case Study
Risks to Mobile Data
Jailbreak
iOS versions
Jailbreaking
Brute Force
Project WASP
Demo
iGoat Architecture
Swift Release
Challenges
Serverside vulnerabilities
Compatibility
Conclusion
Taught by
OWASP Foundation
