#ASFWS iOS security training for pentesters and app developers

Technical level: Advanced practitioners

Course outline:

  • Introduction to the iOS Platform
      • iPhone and iOS device generations and their hardware
      • The baseband processor
      • The iOS operating system
      • The Objective-C language
      • The App Store

  • Security Features of the iOS Platform
      • The Secure Boot chain
      • System software personalization
      • Application code signing
      • Runtime process security
      • Encryption and data protection
      • Network security (SSL, VPN …)
      • Device security (PIN codes)

  • Jailbreaking
      • Definition of jailbreaking
      • Reasons for jailbreaking
      • What jailbreaking means, technically speaking
      • Current status of jailbreaking (device and OS versions)
      • Jailbreaking tools
      • The Cydia alternative App Store

  • Auditing Applications
      • The OWASP Top 10 list of vulnerabilities
      • Insecure Data Storage
      • Weak Server Side Controls
      • Insufficient Transport Layer Protection
      • Client Side Injection
      • Poor Authorization and Authentication
      • Improper Session Handling
      • Decisions Via Untrusted Inputs
      • Side channel data leakage
      • Broken cryptography
      • Sensitive information disclosure

  • Reverse Engineering Applications
      • The ARM assembly language
      • Removing the DRM from applications
      • Tools of the trade (otool, class-dump)
      • Static reverse engineering with IDA Pro and Hopper

Price: CHF 750