4. APP SANDBOX
Mac based
Confined to App Directory
Some IOS versions how ever allowed access to arbitrary
locations including /private/var/mobile/Media/Photos/
5. FDE
First to Introduce it in the Market
Solves Data at Rest Problem
Device KEY + User Passcode = File Sys Key
File Sys Key used to Decrypt File Meta Data
File Meta Data has per file key
6. KEYCHAIN
Can Store Secret Information here
Mediated through securityd daemon
Can Specify events when the keychain data should be avaliable
Jailbroken device = NO KEYCHAIN SECURITY
Use Keychain Dumper from Cydia
7. JAILBREAKING
Required to run unsigned code in the device
Required for security testing
Required for Modifying the Device
Required for Awesomeness !!
9. APPSEC ESSENTIALS ( FS )
Use iExplorer / iFunBox to Explore the App SandBox
Check Plist Files
Check Binary Cookies
Check Screenshots
Check Keyboard Cache ( Autocomplete data may go in here )
Check for Sqlites
Check for Sensitive Data Elsewhere
10. APPSEC ESSENTIALS ( NETWORK)
Use a standard HTTP proxy to Intercept Traffic
Install Proxy Certificate on the device
Change proxy settings in WIFI settings
Install SSL TRUST KILLER for Certificate Pinning Bypass if needed
Use ipTables to intercept non-http traffic