iPhone Application Security Course Overview

Upload: satish-b

Post on 09-Jun-2015

Page 1: iPhone application security course overview

Satish.B

Email: [email protected]

iPhone Application Security Course Overview

http://www.securitylearn.net

Course Content

Introduction to Mobile applications

Mobile Application Security

Types of Mobile Applications

Mobile Application architectures

Comparison between iPhone, Android & BlackBerry applications

Mobile Malware

iOS Architecture

iTunes

OS Upgrading/Downgrading/Restoring

iOS Internals – Kernel, RamDisk

iOS Layers

File System

Permission model

iOS Backups

Comparison with Android Architecture

iOS Security features

Code Signing

Passcode protection

Data Protection/ Protection classes

Sandboxing

ASLR/DEP

Data Wipe

Encrypted Backups

Comparison with Android Security Features

iOS Security loopholes

Jailbreaking

Unlocking

Hacktivation

Breaking Data protection/sandboxing

iOS Application distribution models

Device distribution

Ad hoc distribution

OTA distribution

In-house distribution

AppStore distribution

Pentest environment setup

iGoat setup

iOS simulator vs iOS devices

iOS Application traffic analysis

Capturing HTTP traffic

MITM SSL Traffic

Custom protocol analysis

Overview of Web Application attacks

Security Best practices

Local Data Storage analysis

Property lists

Keychain – SQLite database

WebKit Storage

Cookies

Custom encrypted files

Security Best practices

Data caching

Screenshots

Keyboard cache

Security Best practices

URL Schemes

Implementation of URL Schemes

Security Best practices

Facebook URL Scheme analysis

Reverse engineering iPhone Applications

Decrypting iPhone Apps

Runtime debugging with GNU Debugger

Secure practices

Restricting Jailbreak

Demo - Twitter

Major mobile application threats

OWASP Top 10 mobile application risks

Veracode Top 10 mobile application risks

Push notifications

Understanding push notifications

Secure Implementation

iPhone Passcode Bypass

Data recovery techniques

iPhone Backup analysis

Reading backups

Encrypting & Decrypting backups

Security Loopholes

Enterprise iPhone Application security

iPhone Application Security Checklist

Contact

Satish B

Email: [email protected]

[email protected]