iOS app security testing

Після зданого проекту захотілося докопати тему до якогось логічного кінця. Відчував що проект ще не закінчений. Треба було приготувати Case Study, поділитися досвідом з іншими, підготувати черговий Security Hole #9.

Шукав довго, а все можна сказати лежало на поверхні. Частину ще навіть не встиг розпарсати але викладаю для пришвидшення вашого розвитку тут.


IOS Application security Part 1 – Setting up a mobile pentesting platform
IOS Application security Part 2 – Getting class information of IOS apps
IOS Application security Part 3 – Understanding the Objective-C Runtime
iOS Application Security Part 4 – Runtime Analysis Using Cycript (Yahoo Weather App)
IOS Application security Part 5 – Advanced Runtime analysis and manipulation using Cycript (Yahoo Weather App)
IOS Application Security Part 6 – New Security Features in IOS 7
IOS Application Security Part 8 – Method Swizzling using Cycript
IOS Application Security Part 9 – Analyzing Security of IOS Applications using Snoop-it
IOS Application Security Part 10 – IOS Filesystem and Forensics
IOS Application Security Part 11 – Analyzing Network Traffic over HTTP/HTTPS
IOS Application Security Part 12 – Dumping Keychain Data
IOS Application Security Part 13 – Booting a custom Ramdisk using Sogeti Data Protection tools
IOS Application Security Part 14 – Gathering information using Sogeti Data Protection tools
IOS Application Security Part 15 – Static Analysis of IOS Applications using iNalyzer
IOS Application Security Part 16 – Runtime Analysis of IOS Applications using iNalyzer
IOS Application Security Part 17 – Black-box assessment of IOS Applications using Introspy
IOS Application Security Part 18 – Detecting custom signatures with Introspy
IOS Application Security Part 19 – Programmatical Usage of Introspy
IOS Application Security Part 20 – Local Data Storage (NSUserDefaults, CoreData, Sqlite, Plist files)
IOS Application Security Part 22 – Runtime Analysis and Manipulation using GDB