Back to course catalog

iOS security

CL-IOS
2 days
Mobile
Course page in PDF Inquiry

Course information

Preparedness

General iOS application development

Exercises

Hands-on

Delivery methods

Classroom

Course Reviews

The training material provided by the trainer were well prepared, good focused on the item.

April 2014, Rennes, France

View all reviews

Description

iOS is a mobile operating system distributed exclusively for Apple hardware and designed with security at its core; key security features including sandboxing, native language exploit mitigations or hardware supported encryption all offer a very effective environment for secure software development. The devil is however in the details – a programmer can still commit plenty of mistakes to make the resulting apps vulnerable. This course introduces the iOS security model and the usage of various components, but also deals with relevant vulnerabilities and attacks, focusing on the mitigation techniques and best practices for avoiding them.

Recommended for programmers developing apps who want to understand the security features of iOS as well as the typical mistakes one can commit on this platform.

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn the security solutions on iPhone
  • Learn to use various security features of iOS
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities of iOS
  • Get practical knowledge in using security testing tools for iOS
  • Get sources and further readings on secure coding practices

Outline

  • IT security and secure coding
  • iOS security overview
  • iOS application security
  • Common coding errors and vulnerabilities
  • Buffer overflow protection on iOS
  • Testing iOS code
  • Principles of security and secure coding
  • Knowledge sources

Table of Contents

  • Day 1
    • IT security and secure coding
      • Nature of security
      • What is risk?
      • IT security vs. secure coding
      • From vulnerabilities to botnets and cybercrime
        • Nature of security flaws
        • Reasons of difficulty
        • From an infected computer to targeted attacks
        • The Seven Pernicious Kingdoms
        • OWASP Top Ten 2017
        • OWASP Mobile Top Ten 2016 (release candidate)
    • iOS security overview
      • iOS platform security basics
        • Evolution of iOS security features
        • iOS architecture
        • iOS security architecture
      • iOS sandboxing and app interactions
        • Sandbox concepts
        • The iOS application sandbox
        • The iOS sandbox directories
        • Inter-app communication basics
        • Extensions and sandboxing
      • Securing data storage
        • Data Protection overview
        • Key generation and storage
        • Disk and file encryption
        • Keybags
        • Data Protection classes
        • Keychain Data Protection classes
      • Deploying applications
        • App verification
        • Developer registration
        • Code signing
        • Apple’s review process
        • Illicit 'app store optimization'
    • iOS application security
      • iOS permissions
        • Using permissions
        • Settings – privacy view
        • iOS permissions – compared to Android
        • Entitlements vs permissions
        • Permissions – best practices
      • Writing secure iOS applications
        • Privilege┬áSeparation
        • Local data storage
        • Storing local data in the Keychain
        • Exercise: managing local data
        • Keychain sharing vulnerability due to Apple provisioning bug
        • Developing secure networked applications
        • Local file encryption
      • Protecting applications
        • FairPlay DRM for iOS apps
        • Third-party DRM pitfalls
        • Obfuscation and encryption
        • Securing inter-app communication – URL schemes
      • Reverse engineering and debugging
        • Reverse engineering tools
        • Decrypting iOS Applications
        • Application Class dump
        • Reverse engineering with IDA Pro
        • IDA Pro basics
        • IDA Pro tips
        • IDA Pro string view
        • IDA Pro – Objective-C methods
        • IDA Pro – Objective-C method call
        • Hard-coded passwords
        • Interacting with Objective-C
        • Read process memory with Cycript
        • Runtime analysis with GDB
        • Some useful GDB commands
        • Dumping Objective-C method calls with GDB
        • Purpose of jailbreaking
        • Types of jailbreaking
        • Consequences of jailbreaking
        • Jailbreak detection with file checking
        • Jailbreak detection with sandbox checking
        • Jailbreak detection with Cydia URL scheme
        • Removing Jailbreak detection with Cycript
        • Hook library calls with Cycript
        • Jailbreak detection consequences
        • Debug prevention with ptrace
        • Debug prevention with assembly code
        • Debugger detection
        • Further debugger detection techniques
        • Anti-debugging best practices
  • Day 2
    • Common coding errors and vulnerabilities
      • Input validation
        • Input validation concepts
        • Injection flaws
          • JSON Injection
        • UIWebView vulnerabilities
          • Dangers of UIWebView
          • A real-world vulnerability: Skype for iOS (2011)
        • XML vulnerabilities
          • XML External Entity (XXE) injection
        • Integer problems in Objective-C
          • Integer overflow
          • Integer overflow – Objective-C best practices
        • Other input validation problems
          • Path manipulation / path traversal
          • Unsafe reflection – spot the bug!
          • Format string vulnerability
    • Buffer overflow protection on iOS
      • ARM architecture
        • ARM Processors – main registers
        • The function calling mechanism in ARM
      • Buffer overflow
        • Buffer overflow on the stack
        • Exercises – trying to exploit a buffer overflow
        • Fortify_source check
        • Buffer overflow on the stack 2
      • Protection techniques and their circumvention
        • Stack smashing protection on iOS
        • Effects of stack smashing protection
        • Bypassing stack smashing protection
        • CVE-2011-1823 in vold's method – Spot the bug!
        • Exercise – vold vulnerability
        • Exercise – vold vulnerability exploit analysis
        • WWW exploit with .got overwrite
        • WWW exploit
        • Address Space Layout Randomization (ASLR)
        • Randomization with ASLR
        • Data Execution Prevention (DEP) / Execute-Never (XN) bit
        • Bypassing ASLR, XN and stack protection
        • Information leakage
        • Information leakage with use after free
        • Virtual method call
        • Code execution with use after free
        • Return oriented programming (ROP)
          • Creating ROP chain
          • Exploit using ROP
        • Signing and integrity protection
        • Access control
          • Storing sensitive data on iOS
      • Improper error and exception handling
        • Typical problems with error and exception handling
        • Errors vs exceptions
        • Empty catch block
        • Overly broad catch
        • Null pointers in Objective C
        • Exercise ErrorHandling – spot the bug!
        • Exercise – Error handling
        • iOS and OS X HTTPS key verification
      • Time and state problems
        • Time and state related problems
        • Serialization errors (TOCTTOU)
        • Race condition in signal handling
      • Code quality problems
        • Dangers arising from poor code quality
        • Poor code quality – spot the bug!
        • Unreleased resources
        • Type mismatch – Spot the bug!
        • Regular expression DOS (ReDOS)
      • Cryptography
        • Cryptography on iOS
      • Digital Rights Management (DRM)
        • DRM architecture
        • iOS DRM overview
        • Challenges of DRM protection
        • DRM protection without hardware support - hardening
        • DRM protection – decrypted content
      • iOS-specific vulnerabilities and bugs
    • Testing iOS code
      • General testing approaches
      • Testing iOS code
        • Exercise – Clang
        • OCLint
        • Exercise – OCLint
        • CppCheck
        • Exercise – CppCheck
    • Principles of security and secure coding
      • Matt Bishop’s principles of robust programming
      • The security principles of Saltzer and Schroeder
    • Knowledge sources
      • Secure coding sources – a starter kit
      • Vulnerability databases
      • iOS secure coding sources @ Apple Developer
      • Recommended books – C/C++
      • Recommended books – iOS
Show full table of contents

Get more information