iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift


Secure coding is the practice of writing programs that are resistant to attack by malicious or mischievous people or programs. Secure coding helps protect a user’s data from theft or corruption; your customers’ property and your reputation are at stake.

Published in: Engineering

  1. Agenda • Why Secure App • Types of Security Threats • iOS Security • Secure Coding Guidelines • Man-in-the-Middle Attack • Certificate Pinning
  2. About me! Bunty Madan Twitter/Github/Stackoverflow @buntylm Developer at Accenture
  3. Developing Secure iOS Apps
  4. iOS Application Platform Mapping Arch. Mapping Client Attack Binary Analysis File System Analysis Runtime Analysis Network Attack Runtime Traffic Install Traffic Server Attack TCP Attack HTTP Attack
  5. iOS Security Architecture
  6. General iOS Platform Security
  7. System Architecture • Secure boot chain • System Software Personalization • App Code Signing • Runtime Process Security
  8. Encryption and Data Protection • File Data Protection & Classes • Passcodes • Keychain Data Protection • Hardware Security Features
  9. Network security 1. SSL/TLS 2. SSL Pinning
  10. Device access • Configuration Enforcement • Mobile Device Management • Apple Configurator
  11. Secure Coding Guide
  12. • Avoid cached application • HTTP Request/Response • Files • Encryption • SQLCipher • Keychain • Protection classes and backup • Decryption key generation – Use iOS AES Crypto library • Deletion of Data • Authentication Mechanism
  13. • Always obscure sensitive values in the UI • Implement anti-tampering techniques • Track debugger or trace checking • Use of UIWebView to prevent framing • Certificate Pinning must be there • Request/Resource timeout
  14. Man In The Middle Attack
  15. SSL Certificate Pinning
  16. Recap • Why Security • Where Security fits • Device, Application, Network, Server • Coding Guidelines • MIMA • Prevent using SSL/Certificate Pinning
  17. Thank you For more Twitter/Github/Stackoverflow @buntylm