SlideShare a Scribd company logo

iOS Application Security Testing

Download as PPT, PDF
B
Blueinfy Solutions

iOS App testing

Software
1 of 65
© Blueinfy Solutions iOS Attacks
© Blueinfy Solutions Insecure Data Storage
© Blueinfy Solutions Insecure Storage • Why application needs to store data – Ease of use for the user – Popularity – Competition – Activity with single click – Decrease Transaction time – Post/Get information to/from Social Sites • 9 out of 10 applications have this vulnerability
© Blueinfy Solutions Insecure Storage • How attacker can gain access – Wifi – Default password after jail breaking (alpine) – Physical Theft – Temporary access to device
© Blueinfy Solutions Insecure Storage • What information we usually find – Authentication Credentials – Authorization tokens – Financial Statements – Credit card numbers – Owner’s Information – Physical Address, Name, Phone number – Social Engineering Sites profile/habbits – SQL Queries
© Blueinfy Solutions System Information Detail Location Applications /var/stash/Applications Etc /private/etc Var /private/var User /var/mobile Provisioning Profile /var/mobileDevice/ProvisioningProfiles Logs /var/log, /var/logs /var/mobile/Library/Logs Network Settings / var/preferences/SystemConfiguration/com.apple.network.identif ication.plist Wifi Settings /var/preferences/SystemConfiguration/com.apple.wifi.plist /var/preferences/SystemConfiguration/preferences.plist Apple ID, Owner information and Firmware Information /root/Library/Lockdown/data_ark.plist Keychain /var/Keychains KeyBoard Cache /User/Library/Keyboard/dynamic-text.dat Tmp /private/var/tmp
© Blueinfy Solutions Application Information Detail Location Address Book /var/mobile/Library/AddressBook/AddressBook.sqlitedb /var/mobile/Library/AddressBook/ AddressBookImages.sqlitedb Last searched Google maps /var/mobile/Library/Caches/MapTiles/MapTiles.sqlitedb Google Map History Information /var/mobile/Library/Maps/History.plist /var/mobile/Library/Maps/Directions.plist Calendar /var/mobile/Library/Calendar/Calendar.sqlitedb Data under notes application /var/mobile/Library/Notes/notes.sqlite Configuration file for Applications /var/mobile/Library/Preferences Photos /var/mobile/Media/DCIM/ Application Pictures when HOME button is pressed (Each application has its own directory - Default applications) /User/Library/Caches/Snapshots
© Blueinfy Solutions Default Services Information Detail Location Call History (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/Callhistory/call_history.db SMS (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/SMS/sms.db Voicemail /var/mobile/Library/Voicemail/voicemail.db Voice mail recording /var/mobile/Library/Voicemail/ System provided applications, ringtons and wallpapers /var/stash Call History /var/wireless/Library/CallHistory Call Log /var/wireless/Library/logs Call Preferences /var/wireless/Library/Preferences
© Blueinfy Solutions User Installed Application Detail Location Installed Applications /User/Applications or /private/var/mobile/Applications Application Directory (Binary, supporting files /User/Applications/<app GUID>/<appname.app> or /private/var/mobile/Applications/<app GUID>/<appname.app> Applications documents i.e. images, PDF, text files /User/Applications/<app GUID>/Documents Application cookies /User/Applications/<app GUID>/Library/Cookies/Cookies.binarycookies Application Preferences (plist files) /User/Applications/<app GUID>/Library/Preferences Application temporary storage /User/Applications/<app GUID>/tmp Application crash report /User/Library/Logs/CrashReporter Application Screens when pressed HOME button /User/Applications/<app GUID>/Library/Caches/Snapshots
© Blueinfy Solutions Browser information Detail Location Browser Cookie /var/mobile/Library/Cookies/Cookies.binarycookies Browser favorites (Book marks) /var/mobile/Library/Safari/Bookmarks.db Browser History /var/mobile/Library/Safari/History.plist Browser Settings /var/mobile/Library/Preferences/com.apple.mobilesafari.plist Browser Cache /User/Library/Caches/com.apple.WebAppCache/ApplicationCache.db
© Blueinfy Solutions Insecure Data Storage • Access file system – CyberDuck • Plist files – xCode/plist Editor • Keychain file (hardware bound ency) – KeyChain Dumper • Information in Db files – SQLite Browser • Logs with queries – SQLite Browser Hands On – Look for Sensitive information in DVDs4Less Application
© Blueinfy Solutions Implementation
© Blueinfy Solutions Local file access
© Blueinfy Solutions Insufficient Transport Layer Protection
© Blueinfy Solutions Insecure Network Channel • Important to encrypt data in the transmission • Easy to perform MiM attacks as Mobile devices uses untrusted network i.e open/Public WiFi, HotSpot, Carrier’s Network • Application deals with sensitive data i.e. – Authentication credentials – Authorization token – PII Information (Privacy Violation) (Owner Name, Phone number, UDID
© Blueinfy Solutions Insecure Network Channel • Can sniff the traffic to get an access to sensitive data • SSL is the best way to secure communication channel • Common Issues – Does not deprecate HTTP requests – Allowing invalid certificates – Sensitive information in GET requests
© Blueinfy Solutions UI Impersonation/Spoofing
© Blueinfy Solutions Activity Monitoring
© Blueinfy Solutions Monitoring • Default OS behavior after iOS 4.0 to cache all the URLS (Request/Response) in the local storage in file named cache.db file • Request/Response includes the login request with username and password • Cache.db file is not encrypted Hands On – Locate cache.db file in DVDs4less application and see request/response
© Blueinfy Solutions Malicious Monitoring • Few services are shared between all the applications • A malicious user can write application to monitor these services – including clipboard monitor
© Blueinfy Solutions Sensitive Data Retrieval
© Blueinfy Solutions PII Information Leakage • Application usually have access to user’s private information i.e. Owner Name, Location, Physical Address, AppID, Phone Number • This information needs to be handled very carefully as per the law in some countries • Storing this information in plain text is not allowed in some countries
© Blueinfy Solutions Client Side Injection
© Blueinfy Solutions SQL Injection in Local database • Most Mobile platforms uses SQLite as database to store information on the device • Using any SQLite Database Browser, it is possible to access database logs which has queries and other sensitive database information • In case application is not filtering input, SQL Injection on local database is possible
© Blueinfy Solutions Poor Authorization and Authentication
© Blueinfy Solutions Authorization & Authentication • No password complexity specially on mobile • Hidden/No Logout button • Long session time out • No account lock out • Authorization flags or based on the local storage
© Blueinfy Solutions Improper Session Handling
© Blueinfy Solutions Improper Session • Session is key for any application for authorization • Application is sending sensitive information in GET request (Be it on HTTP or HTTPS) • GET requests are logged at multiple places • Ends us giving away session to the privilege user with malicious intent
© Blueinfy Solutions Session Cookie • HTTP is state-less protocol • Application leverages session cookie to maintain state for the user • Session cookies are stored in binary format in iOS • File structure is public information • A python script has been written to uncover cookies (http://securitylearn.net/wp-content/uploads/tools/iOS/BinaryCookieReader.py)
© Blueinfy Solutions Security Decisions Via Untrusted Inputs
© Blueinfy Solutions Untrusted Source • Any input from client side which can be modified • Mainly authentication and authorization decisions based on the untrusted input • Easiest way for developer to solve complex issues/functionality • Attacker can get this information by either reverse engineering application or by checking local storage
© Blueinfy Solutions KeyChain Dumper (Old Way) • Upload Keychain Dumper in "/private/var“ • Dump all of the entitlements necessary to access the entries in your target's keychain. • ./keychain_dumper -e > /var/tmp/entitlements.xml • Sign the obtained entitlements into keychain_dumper. • ldid -S/var/tmp/entitlements.xml keychain_dumper • Get all the keys • ./keychain_dumper
© Blueinfy Solutions KeyChain Dumper – DON’T • Do not change Path (Tool just does not do a job well) • Set proper permissions – Keychain_dumper – Executable permission – keychain-2.db – Read permission • Files needs to be deleted before running it again
© Blueinfy Solutions KeyChain Dumper – Easy Way • Shell Script • Shell Script to clean chmod +x /private/var/keychain_dumper chmod +r /private/var/Keychains/keychain-2.db ./keychain_dumper -e > /var/tmp/entitlements.xml ldid -S/var/tmp/entitlements.xml keychain_dumper ./keychain_dumper > /tmp/keys.txt rm -f /private/var/keychain_dumper rm -f /var/tmp/entitlements.xml
© Blueinfy Solutions KeyChain Dumper (After 5.0) • Upload Keychain Dumper in "/private/var“ • Dump all of the entitlements necessary to access the entries in your target's keychain. • ./keychain_dumper -e > /var/tmp/entitlements.xml • To sign keychain_dumper file, transfer keychain_dumper and entitlements.xml file to any MAC machine • Install Keychain Access on MAC
© Blueinfy Solutions KeyChain Dumper (Cont…) • Open keychain_access by opening binary at (/Applications/Utilties/Keychain Access.app/Contents/MacOS/Keychain Access) • Create a “code signing “ “self signed certificate” – Select Type as “Self Signed Root” – Select “Code Signing”
© Blueinfy Solutions KeyChain Dumper (Cont…) • Sign keychain_dumper file using codesign command # codesign -fs "Test" --entitlements entitlements.xml keychain_dumper • Upload keychain_dumper to iOS device • Get all the keys • ./keychain_dumper
© Blueinfy Solutions KeyChain Dumper – New Version • Easy as running a command • Upload on to server in /var directory • Give execute permission – Chmod +x /var/keychain_dumper • Get all the keys • ./keychain_dumper
© Blueinfy Solutions Side Channel Data Leakage
© Blueinfy Solutions Data Leakage to third party • Applications gather Private information and sends to advertisement servers • Advertisement companies pay per the application (This is how the free apps make money) instance
© Blueinfy Solutions Weak Server Side Controls
© Blueinfy Solutions Server Side Issues • Most Application makes server side calls to either web services or some other component. Security of server side component is equally important as client side • Controls to be tested on the server side – Security Control Categories for Server Side Application– Authentication, Access Controls/Authorization, API misuse, Path traversal, Sensitive information leakage,
© Blueinfy Solutions Server Side Issues Error handling, Session management, Protocol abuse, Input validations, XSS, CSRF, Logic bypass, Insecure crypto, DoS, Malicious Code Injection, SQL injection, XPATH and LDAP injections, OS command injection, Parameter manipulations, BruteForce, Buffer Overflow, HTTP response splitting, HTTP replay, XML injection, Canonicalization, Logging and auditing.
© Blueinfy Solutions Broken Cryptography
© Blueinfy Solutions Cryptography • Broken implementation • Hash/Encoding used in place of encryption • Client side script in place of SSL
© Blueinfy Solutions Hooking debugger in iOS Applications
© Blueinfy Solutions Binary Auditing • AppStore Binary => .ipa file – It is a ZIP files with executables and resources (images, package info, config files...) • Simulator Binaries are x86 not ARM • Setup environment – Jailbreak first – SSH – Gdb/iphonedbg – otool/classdump
© Blueinfy Solutions Binary Auditing • Install app on iOS devices – / var/mobile/Applications/<UUID>/<AppName>.ap p/ Or – /User/Applications/<UUID>/<AppName>.app/
© Blueinfy Solutions Binary Auditing • Look at the directory
© Blueinfy Solutions Binary Auditing • Look at the directory
© Blueinfy Solutions Binary Auditing • Look at the directory
© Blueinfy Solutions Binary Auditing • Decrypt the binary file – Each executable page is encrypted with AES and a MD5 checksum is computed • How to know if a binary is encrypted ? – LC_ENCRYPTION_INFO • cryptid : 1 if the binary is encrypted • cryptoffset : offset of the encrypted data • cryptsize : size of the encrypted data
© Blueinfy Solutions Binary Auditing • How to get LC_ENCRYPTION_INFO • otool – tool available in cydia otool –l <APPNAME>| grep LC_ENCRYPTION_INFO –B1 –A4 Load command 10 cmd LC_ENCRYPTION_INFO cryptoff 4096 cryptsize 36864 cryptid 0
© Blueinfy Solutions Binary Auditing • Unpack binary – Use a script that automates the process • Crackulous: tool from Cydia • Just select application, that’s it.
© Blueinfy Solutions Binary Auditing • Manual method – Launch GDB – Set a breakpoint – Run the application – Extract the unencrypted executable code – Patch the architecture specific binary
© Blueinfy Solutions Binary Auditing • Look at the binary, open in IDAPro and resolve obj_msgSend calls • Backtrace calls to objc_msgSend – By hand – Using Zynamics IDAPython scripts (objc_helper.py)
© Blueinfy Solutions Interesting Items to look for • Locate the main class – UIApplicationDelegate – applicationDidFinishLaunching – ApplicationDidFinishLaunchingWithOptions • Views – UI*ViewController – viewDidLoad
© Blueinfy Solutions Using GDB
© Blueinfy Solutions Interesting Items to look for • HTTP(S) • NSURL • Sockets – CFSocketCreate • UIPasteBoard • Location based API • KeyChain API • ..
© Blueinfy Solutions Interesting Items to look for • Some protocol handlers like,
© Blueinfy Solutions Interesting Items to look for
© Blueinfy Solutions Interesting Items to look for
© Blueinfy Solutions Automation in Application Reviews
© Blueinfy Solutions Snoop-it • The only tool today to automate iOS application reviews • Very handy and gives perfect pointer where to look for • A long way to go for automation like web • Demo – https://code.google.com/p/snoop-it/
© Blueinfy Solutions Conclusion

Recommended

Android attacks
Android attacksAndroid attacks
Android attacksBlueinfy Solutions
 
Mobile Application Scan and Testing
Mobile Application Scan and TestingMobile Application Scan and Testing
Mobile Application Scan and TestingBlueinfy Solutions
 
Android secure coding
Android secure codingAndroid secure coding
Android secure codingBlueinfy Solutions
 
Html5 on mobile
Html5 on mobileHtml5 on mobile
Html5 on mobileBlueinfy Solutions
 
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationApplciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationBlueinfy Solutions
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
 
Automation In Android & iOS Application Review
Automation In Android & iOS Application Review�Automation In Android & iOS Application Review�
Automation In Android & iOS Application ReviewBlueinfy Solutions
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseBlueinfy Solutions
 

Recommended

Android attacks
Android attacksAndroid attacks
Android attacksBlueinfy Solutions
 
Mobile Application Scan and Testing
Mobile Application Scan and TestingMobile Application Scan and Testing
Mobile Application Scan and TestingBlueinfy Solutions
 
Android secure coding
Android secure codingAndroid secure coding
Android secure codingBlueinfy Solutions
 
Html5 on mobile
Html5 on mobileHtml5 on mobile
Html5 on mobileBlueinfy Solutions
 
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationApplciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationBlueinfy Solutions
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
 
Automation In Android & iOS Application Review
Automation In Android & iOS Application Review�Automation In Android & iOS Application Review�
Automation In Android & iOS Application ReviewBlueinfy Solutions
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseBlueinfy Solutions
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and SecurityBlueinfy Solutions
 
Security vulnerabilities decomposition
Security vulnerabilities decompositionSecurity vulnerabilities decomposition
Security vulnerabilities decompositionKaty Anton
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongAuthentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongDerek Perkins
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applicationsSatish b
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsCh 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsSam Bowne
 
Api security
Api security Api security
Api security teodorcotruta
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedTorsten Lodderstedt
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
 
Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsKaran Nagrecha
 
The Ultimate Guide to Mobile API Security
The Ultimate Guide to Mobile API SecurityThe Ultimate Guide to Mobile API Security
The Ultimate Guide to Mobile API SecurityStormpath
 
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-OnCIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-OnCloudIDSummit
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2Sam Bowne
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne
 
Token Authentication for Java Applications
Token Authentication for Java ApplicationsToken Authentication for Java Applications
Token Authentication for Java ApplicationsStormpath
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)Sam Bowne
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
D@W REST security
D@W REST securityD@W REST security
D@W REST securityGaurav Sharma
 
Secure API Services in Node with Basic Auth and OAuth2
Secure API Services in Node with Basic Auth and OAuth2Secure API Services in Node with Basic Auth and OAuth2
Secure API Services in Node with Basic Auth and OAuth2Stormpath
 
Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applicationsSatish b
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 

More Related Content

What's hot

Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and SecurityBlueinfy Solutions
 
Security vulnerabilities decomposition
Security vulnerabilities decompositionSecurity vulnerabilities decomposition
Security vulnerabilities decompositionKaty Anton
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongAuthentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongDerek Perkins
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applicationsSatish b
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsCh 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsSam Bowne
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
 
Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsKaran Nagrecha
 
The Ultimate Guide to Mobile API Security
The Ultimate Guide to Mobile API SecurityThe Ultimate Guide to Mobile API Security
The Ultimate Guide to Mobile API SecurityStormpath
 
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-OnCIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-OnCloudIDSummit
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2Sam Bowne
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne
 
Token Authentication for Java Applications
Token Authentication for Java ApplicationsToken Authentication for Java Applications
Token Authentication for Java ApplicationsStormpath
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)Sam Bowne
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
Secure API Services in Node with Basic Auth and OAuth2
Secure API Services in Node with Basic Auth and OAuth2Secure API Services in Node with Basic Auth and OAuth2
Secure API Services in Node with Basic Auth and OAuth2Stormpath
 

What's hot (20)

Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and Security
 
Security vulnerabilities decomposition
Security vulnerabilities decompositionSecurity vulnerabilities decomposition
Security vulnerabilities decomposition
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongAuthentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrong
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applications
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsCh 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
 
Api security
Api security Api security
Api security
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
 
Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applications
 
The Ultimate Guide to Mobile API Security
The Ultimate Guide to Mobile API SecurityThe Ultimate Guide to Mobile API Security
The Ultimate Guide to Mobile API Security
 
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-OnCIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
 
Token Authentication for Java Applications
Token Authentication for Java ApplicationsToken Authentication for Java Applications
Token Authentication for Java Applications
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
D@W REST security
D@W REST securityD@W REST security
D@W REST security
 
Secure API Services in Node with Basic Auth and OAuth2
Secure API Services in Node with Basic Auth and OAuth2Secure API Services in Node with Basic Auth and OAuth2
Secure API Services in Node with Basic Auth and OAuth2
 

Similar to iOS Application Security Testing

Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applicationsSatish b
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
iOS application (in)security
iOS application (in)securityiOS application (in)security
iOS application (in)securityiphonepentest
 
Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Aptera Inc
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Mohammed Adam
 
Evaluating iOS Applications
Evaluating iOS ApplicationsEvaluating iOS Applications
Evaluating iOS Applicationsiphonepentest
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure codeFlaskdata.io
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseDigicomp Academy AG
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?Precisely
 
Q42015 SolarWinds Federal SE Webinar - Best Practices for IT Asset Discovery:...
Q42015 SolarWinds Federal SE Webinar - Best Practices for IT Asset Discovery:...Q42015 SolarWinds Federal SE Webinar - Best Practices for IT Asset Discovery:...
Q42015 SolarWinds Federal SE Webinar - Best Practices for IT Asset Discovery:...SolarWinds
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
 
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014Kelly Grizzle
 
CIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
CIS14: SCIM: Why It’s More Important, and More Simple, Than You ThinkCIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
CIS14: SCIM: Why It’s More Important, and More Simple, Than You ThinkCloudIDSummit
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsMichael Scheidell
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsJorge Orchilles
 
Compliance technical controls and you rva sec 2019
Compliance technical controls and you rva sec 2019Compliance technical controls and you rva sec 2019
Compliance technical controls and you rva sec 2019Derek Banks
 

Similar to iOS Application Security Testing (20)

Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applications
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
iOS application (in)security
iOS application (in)securityiOS application (in)security
iOS application (in)security
 
Security Imeprative for iOS and Android Apps
Security Imeprative for iOS and Android AppsSecurity Imeprative for iOS and Android Apps
Security Imeprative for iOS and Android Apps
 
Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
 
Evaluating iOS Applications
Evaluating iOS ApplicationsEvaluating iOS Applications
Evaluating iOS Applications
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure code
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile Enterprise
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?
 
Q42015 SolarWinds Federal SE Webinar - Best Practices for IT Asset Discovery:...
Q42015 SolarWinds Federal SE Webinar - Best Practices for IT Asset Discovery:...Q42015 SolarWinds Federal SE Webinar - Best Practices for IT Asset Discovery:...
Q42015 SolarWinds Federal SE Webinar - Best Practices for IT Asset Discovery:...
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
 
CIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
CIS14: SCIM: Why It’s More Important, and More Simple, Than You ThinkCIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
CIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile Apps
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 Apps
 
Compliance technical controls and you rva sec 2019
Compliance technical controls and you rva sec 2019Compliance technical controls and you rva sec 2019
Compliance technical controls and you rva sec 2019
 

More from Blueinfy Solutions

Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SASTBlueinfy Solutions
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectBlueinfy Solutions
 
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionXPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionBlueinfy Solutions
 
Assessment methodology and approach
Assessment methodology and approachAssessment methodology and approach
Assessment methodology and approachBlueinfy Solutions
 
HTTP protocol and Streams Security
HTTP protocol and Streams SecurityHTTP protocol and Streams Security
HTTP protocol and Streams SecurityBlueinfy Solutions
 
Advanced applications-architecture-threats
Advanced applications-architecture-threatsAdvanced applications-architecture-threats
Advanced applications-architecture-threatsBlueinfy Solutions
 

More from Blueinfy Solutions (12)

Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SAST
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hacking
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
 
XSS - Attacks & Defense
XSS - Attacks & DefenseXSS - Attacks & Defense
XSS - Attacks & Defense
 
Defending against Injections
Defending against InjectionsDefending against Injections
Defending against Injections
 
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionXPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal Injection
 
Blind SQL Injection
Blind SQL InjectionBlind SQL Injection
Blind SQL Injection
 
Application fuzzing
Application fuzzingApplication fuzzing
Application fuzzing
 
SQL injection basics
SQL injection basicsSQL injection basics
SQL injection basics
 
Assessment methodology and approach
Assessment methodology and approachAssessment methodology and approach
Assessment methodology and approach
 
HTTP protocol and Streams Security
HTTP protocol and Streams SecurityHTTP protocol and Streams Security
HTTP protocol and Streams Security
 
Advanced applications-architecture-threats
Advanced applications-architecture-threatsAdvanced applications-architecture-threats
Advanced applications-architecture-threats
 

Recently uploaded

React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 

Recently uploaded (20)

React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 

iOS Application Security Testing

  • 3. © Blueinfy Solutions Insecure Storage • Why application needs to store data – Ease of use for the user – Popularity – Competition – Activity with single click – Decrease Transaction time – Post/Get information to/from Social Sites • 9 out of 10 applications have this vulnerability
  • 4. © Blueinfy Solutions Insecure Storage • How attacker can gain access – Wifi – Default password after jail breaking (alpine) – Physical Theft – Temporary access to device
  • 5. © Blueinfy Solutions Insecure Storage • What information we usually find – Authentication Credentials – Authorization tokens – Financial Statements – Credit card numbers – Owner’s Information – Physical Address, Name, Phone number – Social Engineering Sites profile/habbits – SQL Queries
  • 6. © Blueinfy Solutions System Information Detail Location Applications /var/stash/Applications Etc /private/etc Var /private/var User /var/mobile Provisioning Profile /var/mobileDevice/ProvisioningProfiles Logs /var/log, /var/logs /var/mobile/Library/Logs Network Settings / var/preferences/SystemConfiguration/com.apple.network.identif ication.plist Wifi Settings /var/preferences/SystemConfiguration/com.apple.wifi.plist /var/preferences/SystemConfiguration/preferences.plist Apple ID, Owner information and Firmware Information /root/Library/Lockdown/data_ark.plist Keychain /var/Keychains KeyBoard Cache /User/Library/Keyboard/dynamic-text.dat Tmp /private/var/tmp
  • 7. © Blueinfy Solutions Application Information Detail Location Address Book /var/mobile/Library/AddressBook/AddressBook.sqlitedb /var/mobile/Library/AddressBook/ AddressBookImages.sqlitedb Last searched Google maps /var/mobile/Library/Caches/MapTiles/MapTiles.sqlitedb Google Map History Information /var/mobile/Library/Maps/History.plist /var/mobile/Library/Maps/Directions.plist Calendar /var/mobile/Library/Calendar/Calendar.sqlitedb Data under notes application /var/mobile/Library/Notes/notes.sqlite Configuration file for Applications /var/mobile/Library/Preferences Photos /var/mobile/Media/DCIM/ Application Pictures when HOME button is pressed (Each application has its own directory - Default applications) /User/Library/Caches/Snapshots
  • 8. © Blueinfy Solutions Default Services Information Detail Location Call History (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/Callhistory/call_history.db SMS (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/SMS/sms.db Voicemail /var/mobile/Library/Voicemail/voicemail.db Voice mail recording /var/mobile/Library/Voicemail/ System provided applications, ringtons and wallpapers /var/stash Call History /var/wireless/Library/CallHistory Call Log /var/wireless/Library/logs Call Preferences /var/wireless/Library/Preferences
  • 9. © Blueinfy Solutions User Installed Application Detail Location Installed Applications /User/Applications or /private/var/mobile/Applications Application Directory (Binary, supporting files /User/Applications/<app GUID>/<appname.app> or /private/var/mobile/Applications/<app GUID>/<appname.app> Applications documents i.e. images, PDF, text files /User/Applications/<app GUID>/Documents Application cookies /User/Applications/<app GUID>/Library/Cookies/Cookies.binarycookies Application Preferences (plist files) /User/Applications/<app GUID>/Library/Preferences Application temporary storage /User/Applications/<app GUID>/tmp Application crash report /User/Library/Logs/CrashReporter Application Screens when pressed HOME button /User/Applications/<app GUID>/Library/Caches/Snapshots
  • 10. © Blueinfy Solutions Browser information Detail Location Browser Cookie /var/mobile/Library/Cookies/Cookies.binarycookies Browser favorites (Book marks) /var/mobile/Library/Safari/Bookmarks.db Browser History /var/mobile/Library/Safari/History.plist Browser Settings /var/mobile/Library/Preferences/com.apple.mobilesafari.plist Browser Cache /User/Library/Caches/com.apple.WebAppCache/ApplicationCache.db
  • 11. © Blueinfy Solutions Insecure Data Storage • Access file system – CyberDuck • Plist files – xCode/plist Editor • Keychain file (hardware bound ency) – KeyChain Dumper • Information in Db files – SQLite Browser • Logs with queries – SQLite Browser Hands On – Look for Sensitive information in DVDs4Less Application
  • 14. © Blueinfy Solutions Insufficient Transport Layer Protection
  • 15. © Blueinfy Solutions Insecure Network Channel • Important to encrypt data in the transmission • Easy to perform MiM attacks as Mobile devices uses untrusted network i.e open/Public WiFi, HotSpot, Carrier’s Network • Application deals with sensitive data i.e. – Authentication credentials – Authorization token – PII Information (Privacy Violation) (Owner Name, Phone number, UDID
  • 16. © Blueinfy Solutions Insecure Network Channel • Can sniff the traffic to get an access to sensitive data • SSL is the best way to secure communication channel • Common Issues – Does not deprecate HTTP requests – Allowing invalid certificates – Sensitive information in GET requests
  • 17. © Blueinfy Solutions UI Impersonation/Spoofing
  • 19. © Blueinfy Solutions Monitoring • Default OS behavior after iOS 4.0 to cache all the URLS (Request/Response) in the local storage in file named cache.db file • Request/Response includes the login request with username and password • Cache.db file is not encrypted Hands On – Locate cache.db file in DVDs4less application and see request/response
  • 20. © Blueinfy Solutions Malicious Monitoring • Few services are shared between all the applications • A malicious user can write application to monitor these services – including clipboard monitor
  • 22. © Blueinfy Solutions PII Information Leakage • Application usually have access to user’s private information i.e. Owner Name, Location, Physical Address, AppID, Phone Number • This information needs to be handled very carefully as per the law in some countries • Storing this information in plain text is not allowed in some countries
  • 24. © Blueinfy Solutions SQL Injection in Local database • Most Mobile platforms uses SQLite as database to store information on the device • Using any SQLite Database Browser, it is possible to access database logs which has queries and other sensitive database information • In case application is not filtering input, SQL Injection on local database is possible
  • 25. © Blueinfy Solutions Poor Authorization and Authentication
  • 26. © Blueinfy Solutions Authorization & Authentication • No password complexity specially on mobile • Hidden/No Logout button • Long session time out • No account lock out • Authorization flags or based on the local storage
  • 27. © Blueinfy Solutions Improper Session Handling
  • 28. © Blueinfy Solutions Improper Session • Session is key for any application for authorization • Application is sending sensitive information in GET request (Be it on HTTP or HTTPS) • GET requests are logged at multiple places • Ends us giving away session to the privilege user with malicious intent
  • 29. © Blueinfy Solutions Session Cookie • HTTP is state-less protocol • Application leverages session cookie to maintain state for the user • Session cookies are stored in binary format in iOS • File structure is public information • A python script has been written to uncover cookies (http://securitylearn.net/wp-content/uploads/tools/iOS/BinaryCookieReader.py)
  • 30. © Blueinfy Solutions Security Decisions Via Untrusted Inputs
  • 31. © Blueinfy Solutions Untrusted Source • Any input from client side which can be modified • Mainly authentication and authorization decisions based on the untrusted input • Easiest way for developer to solve complex issues/functionality • Attacker can get this information by either reverse engineering application or by checking local storage
  • 32. © Blueinfy Solutions KeyChain Dumper (Old Way) • Upload Keychain Dumper in "/private/var“ • Dump all of the entitlements necessary to access the entries in your target's keychain. • ./keychain_dumper -e > /var/tmp/entitlements.xml • Sign the obtained entitlements into keychain_dumper. • ldid -S/var/tmp/entitlements.xml keychain_dumper • Get all the keys • ./keychain_dumper
  • 33. © Blueinfy Solutions KeyChain Dumper – DON’T • Do not change Path (Tool just does not do a job well) • Set proper permissions – Keychain_dumper – Executable permission – keychain-2.db – Read permission • Files needs to be deleted before running it again
  • 34. © Blueinfy Solutions KeyChain Dumper – Easy Way • Shell Script • Shell Script to clean chmod +x /private/var/keychain_dumper chmod +r /private/var/Keychains/keychain-2.db ./keychain_dumper -e > /var/tmp/entitlements.xml ldid -S/var/tmp/entitlements.xml keychain_dumper ./keychain_dumper > /tmp/keys.txt rm -f /private/var/keychain_dumper rm -f /var/tmp/entitlements.xml
  • 35. © Blueinfy Solutions KeyChain Dumper (After 5.0) • Upload Keychain Dumper in "/private/var“ • Dump all of the entitlements necessary to access the entries in your target's keychain. • ./keychain_dumper -e > /var/tmp/entitlements.xml • To sign keychain_dumper file, transfer keychain_dumper and entitlements.xml file to any MAC machine • Install Keychain Access on MAC
  • 36. © Blueinfy Solutions KeyChain Dumper (Cont…) • Open keychain_access by opening binary at (/Applications/Utilties/Keychain Access.app/Contents/MacOS/Keychain Access) • Create a “code signing “ “self signed certificate” – Select Type as “Self Signed Root” – Select “Code Signing”
  • 37. © Blueinfy Solutions KeyChain Dumper (Cont…) • Sign keychain_dumper file using codesign command # codesign -fs "Test" --entitlements entitlements.xml keychain_dumper • Upload keychain_dumper to iOS device • Get all the keys • ./keychain_dumper
  • 38. © Blueinfy Solutions KeyChain Dumper – New Version • Easy as running a command • Upload on to server in /var directory • Give execute permission – Chmod +x /var/keychain_dumper • Get all the keys • ./keychain_dumper
  • 39. © Blueinfy Solutions Side Channel Data Leakage
  • 40. © Blueinfy Solutions Data Leakage to third party • Applications gather Private information and sends to advertisement servers • Advertisement companies pay per the application (This is how the free apps make money) instance
  • 41. © Blueinfy Solutions Weak Server Side Controls
  • 42. © Blueinfy Solutions Server Side Issues • Most Application makes server side calls to either web services or some other component. Security of server side component is equally important as client side • Controls to be tested on the server side – Security Control Categories for Server Side Application– Authentication, Access Controls/Authorization, API misuse, Path traversal, Sensitive information leakage,
  • 43. © Blueinfy Solutions Server Side Issues Error handling, Session management, Protocol abuse, Input validations, XSS, CSRF, Logic bypass, Insecure crypto, DoS, Malicious Code Injection, SQL injection, XPATH and LDAP injections, OS command injection, Parameter manipulations, BruteForce, Buffer Overflow, HTTP response splitting, HTTP replay, XML injection, Canonicalization, Logging and auditing.
  • 45. © Blueinfy Solutions Cryptography • Broken implementation • Hash/Encoding used in place of encryption • Client side script in place of SSL
  • 46. © Blueinfy Solutions Hooking debugger in iOS Applications
  • 47. © Blueinfy Solutions Binary Auditing • AppStore Binary => .ipa file – It is a ZIP files with executables and resources (images, package info, config files...) • Simulator Binaries are x86 not ARM • Setup environment – Jailbreak first – SSH – Gdb/iphonedbg – otool/classdump
  • 48. © Blueinfy Solutions Binary Auditing • Install app on iOS devices – / var/mobile/Applications/<UUID>/<AppName>.ap p/ Or – /User/Applications/<UUID>/<AppName>.app/
  • 49. © Blueinfy Solutions Binary Auditing • Look at the directory
  • 50. © Blueinfy Solutions Binary Auditing • Look at the directory
  • 51. © Blueinfy Solutions Binary Auditing • Look at the directory
  • 52. © Blueinfy Solutions Binary Auditing • Decrypt the binary file – Each executable page is encrypted with AES and a MD5 checksum is computed • How to know if a binary is encrypted ? – LC_ENCRYPTION_INFO • cryptid : 1 if the binary is encrypted • cryptoffset : offset of the encrypted data • cryptsize : size of the encrypted data
  • 53. © Blueinfy Solutions Binary Auditing • How to get LC_ENCRYPTION_INFO • otool – tool available in cydia otool –l <APPNAME>| grep LC_ENCRYPTION_INFO –B1 –A4 Load command 10 cmd LC_ENCRYPTION_INFO cryptoff 4096 cryptsize 36864 cryptid 0
  • 54. © Blueinfy Solutions Binary Auditing • Unpack binary – Use a script that automates the process • Crackulous: tool from Cydia • Just select application, that’s it.
  • 55. © Blueinfy Solutions Binary Auditing • Manual method – Launch GDB – Set a breakpoint – Run the application – Extract the unencrypted executable code – Patch the architecture specific binary
  • 56. © Blueinfy Solutions Binary Auditing • Look at the binary, open in IDAPro and resolve obj_msgSend calls • Backtrace calls to objc_msgSend – By hand – Using Zynamics IDAPython scripts (objc_helper.py)
  • 57. © Blueinfy Solutions Interesting Items to look for • Locate the main class – UIApplicationDelegate – applicationDidFinishLaunching – ApplicationDidFinishLaunchingWithOptions • Views – UI*ViewController – viewDidLoad
  • 59. © Blueinfy Solutions Interesting Items to look for • HTTP(S) • NSURL • Sockets – CFSocketCreate • UIPasteBoard • Location based API • KeyChain API • ..
  • 60. © Blueinfy Solutions Interesting Items to look for • Some protocol handlers like,
  • 63. © Blueinfy Solutions Automation in Application Reviews
  • 64. © Blueinfy Solutions Snoop-it • The only tool today to automate iOS application reviews • Very handy and gives perfect pointer where to look for • A long way to go for automation like web • Demo – https://code.google.com/p/snoop-it/