Synopses & Reviews
Every day, over half a billion iOS users blindly entrust mobile devices with their personal information. If you write an application that mishandles that information, you'll create a goldmine for attackers—and a catastrophe for you and your customers. Whether you develop iOS apps or test their defenses, it's critical that you know how to track down and eliminate security threats before they become real issues.
In iOS Application Security, author David Thiel shows you how to write apps that actually protect users from the bad guys. He covers everything you need to know to design secure iOS apps from the ground up, including:
- A whirlwind tour of iOS application structure and Objective-C design patterns
- A glimpse into the iOS security model and the limits of its built-in protections
- The myriad ways that sensitive data can leak into places it shouldn't be
- Legacy flaws from C that still cause problems in modern iOS applications
- Implementing encryption with the Keychain, the Data Protection API, and Common Crypto
iOS Application Security reveals not only the sort of coding mistakes that developers and security professionals encounter when writing and testing apps but also how to fix them. Complete with coverage of the upcoming iOS 8, Thiel pulls otherwise fragmented information about industry best practices into this essential guide to secure app development.
Synopsis
Eliminating security holes in iOS apps is critical for any developer who wants to protect their users from the bad guys. In iOS Application Security, mobile security expert David Thiel reveals common iOS coding mistakes that create serious security problems and shows you how to find and fix them.
After a crash course on iOS application structure and Objective-C design patterns, you'll move on to spotting bad code and plugging the holes. You'll learn about:
- The iOS security model and the limits of its built-in protections
- The myriad ways sensitive data can leak into places it shouldn't, such as through the pasteboard
- How to implement encryption with the Keychain, the Data Protection API, and CommonCrypto
- Legacy flaws from C that still cause problems in modern iOS applications
- Privacy issues related to gathering user data and how to mitigate potential pitfalls
Don't let your app's security leak become another headline. Whether you're looking to bolster your app's defenses or hunting bugs in other people's code, iOS Application Security will help you get the job done well.
About the Author
David Thiel has almost 20 years of computer security experience, with expertise in penetration testing and iOS application security. He has presented at security conferences like BlackHat and DEFCON, and he currently works as a Vice President at the security firm iSEC Partners. Thiel's research and his work on Mobile Application Security (McGraw Hill) helped launch the field of iOS application security.