Jonathan Zdziarski - [Apple] Hacking and Securing iOS Applications [2012, PDF, ENG]

Post by Nik » 28 Dec 2013, 00:50

Hacking and Securing iOS Applications

Year: 2012
Author: Jonathan Zdziarski
Publisher: O'Reilly Media
ISBN: 978-1-4493-1874-1
Language: English
Format: PDF
Quality: Originally digital (eBook)
Interactive table of contents: Yes
Number of pages: 356
Description: If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

• Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
• Learn how attackers infect apps with malware through code injection
• Discover how attackers defeat iOS keychain and data-protection encryption
• Use a debugger and custom code injection to manipulate the runtime Objective-C environment
• Prevent attackers from hijacking SSL sessions and stealing traffic
• Securely delete files and design your apps to prevent forensic data leakage
• Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Sample pages
Chapter 1 : Everything You Know Is Wrong
The Myth of a Monoculture
The iOS Security Model
Storing the Key with the Lock
Passcodes Equate to Weak Security
Forensic Data Trumps Encryption
External Data Is at Risk, Too
Hijacking Traffic
Trust No One, Not Even Your Application
Physical Access Is Optional

Chapter 2 : The Basics of Compromising iOS
Why It’s Important to Learn How to Break Into a Device
Jailbreaking Explained
End User Jailbreaks
Compromising Devices and Injecting Code

Chapter 3 : Stealing the Filesystem
Full Disk Encryption
Copying the Live Filesystem
Copying the Raw Filesystem
The Role of Social Engineering

Chapter 4 : Forensic Trace and Data Leakage
Extracting Image Geotags
SQLite Databases
Reverse Engineering Remnant Database Fields
SMS Drafts
Property Lists
Other Important Files

Chapter 5 : Defeating Encryption
Sogeti’s Data Protection Tools
Extracting Encryption Keys
Decrypting the Keychain
Decrypting Raw Disk
Decrypting iTunes Backups
Defeating Encryption Through Spyware

Chapter 6 : Unobliterating Files
Scraping the HFS Journal
Carving Empty Space
Commonly Recovered Data

Chapter 7 : Manipulating the Runtime
Analyzing Binaries
Encrypted Binaries
Abusing the Runtime with Cycript

Chapter 8 : Abusing the Runtime Library
Breaking Objective-C Down
Disassembling and Debugging
Malicious Code Injection
Injection Using Dynamic Linker Attack

Chapter 9 : Hijacking Traffic
APN Hijacking
Simple Proxy Setup
Attacking SSL
Attacking Application-Level SSL Validation
Hijacking Foundation HTTP Classes
Analyzing Data

Chapter 10 : Implementing Encryption
Password Strength
Introduction to Common Crypto
Master Key Encryption
Split Server-Side Keys
Securing Memory
Public Key Cryptography

Chapter 11 : Counter Forensics
Secure File Wiping
Wiping SQLite Records
Keyboard Cache
Randomizing PIN Digits
Application Screenshots

Chapter 12 : Securing the Runtime
Tamper Response
Process Trace Checking
Blocking Debuggers
Runtime Class Integrity Checks
Inline Functions
Complicating Disassembly

Chapter 13 : Jailbreak Detection
Sandbox Integrity Check
Filesystem Tests
Page Execution Check

Chapter 14 : Next Steps
Thinking Like an Attacker
Other Reverse Engineering Tools
Security Versus Code Management
A Flexible Approach to Security
Other Great Books