Book: Jonathan Zdziarski - [Apple] Hacking and Securing iOS Applications [2012, PDF, ENG]

Post by Nik » 28 Dec 2013, 00:50

Hacking and Securing iOS Applications

Year: 2012
Author: Jonathan Zdziarski
Publisher: O'Reilly Media
ISBN: 978-1-4493-1874-1
Language: English
Format: PDF
Quality: Born-digital (eBook)
Interactive table of contents: Yes
Number of pages: 356
Description: If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

• Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
• Learn how attackers infect apps with malware through code injection
• Discover how attackers defeat iOS keychain and data-protection encryption
• Use a debugger and custom code injection to manipulate the runtime Objective-C environment
• Prevent attackers from hijacking SSL sessions and stealing traffic
• Securely delete files and design your apps to prevent forensic data leakage
• Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Table of contents
Chapter 1 : Everything You Know Is Wrong
The Myth of a Monoculture
The iOS Security Model
Storing the Key with the Lock
Passcodes Equate to Weak Security
Forensic Data Trumps Encryption
External Data Is at Risk, Too
Hijacking Traffic
Trust No One, Not Even Your Application
Physical Access Is Optional
Summary

Hacking
Chapter 2 : The Basics of Compromising iOS
Why It’s Important to Learn How to Break Into a Device
Jailbreaking Explained
End User Jailbreaks
Compromising Devices and Injecting Code
Exercises
Summary

Chapter 3 : Stealing the Filesystem
Full Disk Encryption
Copying the Live Filesystem
Copying the Raw Filesystem
Exercises
The Role of Social Engineering
Summary

Chapter 4 : Forensic Trace and Data Leakage
Extracting Image Geotags
SQLite Databases
Reverse Engineering Remnant Database Fields
SMS Drafts
Property Lists
Other Important Files
Summary

Chapter 5 : Defeating Encryption
Sogeti’s Data Protection Tools
Extracting Encryption Keys
Decrypting the Keychain
Decrypting Raw Disk
Decrypting iTunes Backups
Defeating Encryption Through Spyware
Exercises
Summary

Chapter 6 : Unobliterating Files
Scraping the HFS Journal
Carving Empty Space
Commonly Recovered Data
Summary

Chapter 7 : Manipulating the Runtime
Analyzing Binaries
Encrypted Binaries
Abusing the Runtime with Cycript
Exercises
Summary

Chapter 8 : Abusing the Runtime Library
Breaking Objective-C Down
Disassembling and Debugging
Malicious Code Injection
Injection Using Dynamic Linker Attack
Summary

Chapter 9 : Hijacking Traffic
APN Hijacking
Simple Proxy Setup
Attacking SSL
Attacking Application-Level SSL Validation
Hijacking Foundation HTTP Classes
Analyzing Data
Driftnet
Exercises
Summary

Securing
Chapter 10 : Implementing Encryption
Password Strength
Introduction to Common Crypto
Master Key Encryption
Geo-Encryption
Split Server-Side Keys
Securing Memory
Public Key Cryptography
Exercises

Chapter 11 : Counter Forensics
Secure File Wiping
Wiping SQLite Records
Keyboard Cache
Randomizing PIN Digits
Application Screenshots

Chapter 12 : Securing the Runtime
Tamper Response
Process Trace Checking
Blocking Debuggers
Runtime Class Integrity Checks
Inline Functions
Complicating Disassembly
Exercises

Chapter 13 : Jailbreak Detection
Sandbox Integrity Check
Filesystem Tests
Page Execution Check

Chapter 14 : Next Steps
Thinking Like an Attacker
Other Reverse Engineering Tools
Security Versus Code Management
A Flexible Approach to Security
Other Great Books

Size: 9.87 MB (10,349,453 bytes)