What this book covers

Chapter 1, Introducing iOS Application Security, teaches readers the basics of an iOS app development process and iOS security model. This chapter also teaches different concepts such as iOS sandboxing, security layers, and so on. It provides an overview of OWASP Top 10 Mobile Risks.

Chapter 2, Setting up Lab for iOS App Pentesting, explains the readers how to bypass security restrictions that prevent us from performing the penetration testing and set up a lab to perform iOS application penetration testing. It will help in learning about hardware and software requirements and setting up all the required utilities for iOS pentesting.

Chapter 3, Identifying the Flaws in Local Storage, covers identifying flaws in an application's local storage. For handheld devices, getting stolen is one of the biggest risks. Applications are not supposed to store any sensitive information locally in plain text/insecure format. We will look at different formats where an application usually stores sensitive data.

Chapter 4, Traffic Analysis for iOS Application, covers all about intercepting iOS application's network traffic. We will look at how to analyze or modify the application traffic over HTTP or HTTPS and also what certificate pinning is and the way to bypass it. The chapter will also give you a walkthrough about attacks that can be performed using proxy tools.

Chapter 5, Sealing up Side Channel Data Leakage, helps the readers to understand the security aspect of the leakage of sensitive data through various channels, such as logs, screenshots, cache, pasteboard, and so on. If your sensitive information, such as credit card numbers, username, password, OAuth tokens, company sensitive data, and so on, is getting leaked, then it's a considerable risk. Therefore, this chapter helps you to understand the risks of data leakage and the ways to prevent them.

Chapter 6, Analyzing iOS Binary Protections, explains how to perform an analysis of iOS binary that is downloaded from App Store or shared by third party, regarding how to reverse engineer the application, look for sensitive data hardcoded in a source code, and also check whether an application binary has implemented the address space layout randomization (ASLR) and stack smashing protection.

Chapter 7, The iOS App Dynamic Analysis, teaches the readers about performing application's runtime analysis. We will hook debuggers to applications and modify the application's workflow as per the requirements. We will explore different techniques such as using command-line utilities and GUI tools for assessment.

Chapter 8, iOS Exploitation, provides knowledge about gaining shell access to the victim's iDevice. We will study different shell access, such as shell bind TCP and shell reverse TCP, on iDevice. This chapter will also provide a walkthrough about how to use iDevice as a pentesting device itself for wireless pentesting, network pentesting, web pentesting, and so on. We will also study different ways of creating backdoors.

Chapter 9, Introducing iOS Forensics, provides a walkthrough of iOS forensics. We will begin with iOS filesystem and move further with the concepts of iOS forensics. We will also have hands on live forensics and data backup analysis. We will also take a walkthrough about different tools in the market to perform iOS forensics.