iOS Security Training
Certificate: N/A
Duration: 2 days
Course Delivery: Classroom
Accreditor: None
Language: English
Credits: N/A
Course Description:
iOS is a mobile operating system distributed exclusively for Apple hardware and designed with security at its core; key security features including sandboxing, native language exploit mitigations or hardware supported encryption all offer a very effective environment for secure software development. The devil is however in the details – a programmer can still commit plenty of mistakes to make the resulting apps vulnerable. This course introduces the iOS security model and the usage of various components, but also deals with the vulnerabilities and attacks, focusing on the mitigation techniques and the best practices to avoid them.
Recommended for programmers developing apps, who want to understand the security features of iOS as well as the typical mistakes one can commit on this platform.
Learning Objectives:
Individuals certified at this level will have demonstrated:
● Understand basic concepts of security, IT security and secure coding
● Learn the security solutions on iPhone
● Learn to use various security features of iOS
● Get information about some recent vulnerabilities of iOS
● Learn about typical coding mistakes and how to avoid them
● Get practical knowledge in using security testing tools
● Get sources and further reading on secure coding practices
The training material provided by the trainer were well prepared, good focused on the item.
Rennes, France
Prerequisites:
None
Course Materials:
You will receive the following as part of this course:
● A participant handbook with reference materials
● Virtual machine with the exercises (to be distributed by the instructor on a USB drive)
Course Outline:
IT security and secure coding
● Nature of security
● IT security related terms
● Definition of risk
● IT security vs. secure coding
● From vulnerabilities to botnets and cybercrime
● Classification of security flaws
iOS security overview
● Evolution of iOS security features
● iOS architecture
● iOS sandboxing and app interactions
● Securing data storage
● Deploying applications
Application security
● iOS permissions
● Writing secure iOS applications
● Protecting applications
● Cryptography
● Digital Rights Management (DRM)
● iOS-specific vulnerabilities and bugs
● Reverse engineering and debugging
Buffer overflow protection on iOS
● ARM architecture
● Buffer overflow
● Protection techniques and their circumvention
● Input validation
● Improper use of security features
● Insecure randomness
● Improper error and exception handling
● Time and state problems
● Code quality problems
● Testing iOS code
Knowledge sources
● Secure coding sources – a starter kit
● Vulnerability databases
Audience:
iOS application developers, architects and testers
Examination:
There are no exams associated with this course