Jiří Dutkevič: Ochrana citlivých dat v iOS
•
0 likes•283 views
Představím 3 nápady jak zabezpečit data uložená v aplikaci pro případ, že o zařízení uživatel přijde. Ukážu několik technik, jak analyzovat chování a implementaci aplikací. Inspiroval jsem se v problémech, které jsem objevil v aplikacích v AppStoru když jsem hledal “password manager”.
Report
Share
Report
Share
Download to read offline
Recommended
Cracking the Mobile Application Code
Cracking the Mobile Application Code by Sreenarayan A. at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html
Ios forensics
This document presents information on iOS forensics. It discusses the introduction to forensics as it relates to mobile devices, the procedure for a case study including creating a forensic copy and analyzing system files and catalogs to search for and recover deleted files like images. It notes the challenges of presenting digital evidence in court and concludes that the process allows recovery of deleted image files with timestamps in a forensically sound way, with opportunities for future research on newer iOS devices.
Hacking and Securing iOS Apps : Part 1
This slide briefs about various tools & techniques used to extract unprotected data from iOS apps. You can extract resource files, database files, get data in runtime using various methods. In my next slides I will brief about the ways to secure your iOS apps.
iPhone forensics on iOS5
iPhone forensics involves bypassing an iPhone's passcode restrictions, reading its encrypted file system, and recovering deleted files. This is done by creating a forensic toolkit on the device without damaging evidence, establishing communication between the device and computer, and patching the iPhone's chain of trust from the BootRom to kernel. References provide more information on the iPhone's data protection and tools for forensic investigation.
iOS Security and Encryption
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
I Want More Ninja – iOS Security Testing
The document provides instructions for setting up an iOS application testing lab, including recommended hardware, software, and tools for both MacBooks and PCs. It discusses jailbreaking iOS devices to gain root access, installing useful packages and utilities, and exploring application directories and data stores to find vulnerabilities like insecure data storage or client-side injection issues.
Pentesting iPhone applications
Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
Fore more info visit - http://www.securitylearn.net
YOW! Connected 2014 - Developing Secure iOS Applications
The document discusses developing secure iOS applications. It covers common security issues like binary and runtime security, transport layer security, and data security. It provides principles for secure design like not trusting the client/runtime and not storing sensitive data on devices. It also describes techniques to address specific issues like debug checks, jailbreak detection, and preventing unintended data leakage.
Recommended
Cracking the Mobile Application Code
Cracking the Mobile Application Code by Sreenarayan A. at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html
Ios forensics
This document presents information on iOS forensics. It discusses the introduction to forensics as it relates to mobile devices, the procedure for a case study including creating a forensic copy and analyzing system files and catalogs to search for and recover deleted files like images. It notes the challenges of presenting digital evidence in court and concludes that the process allows recovery of deleted image files with timestamps in a forensically sound way, with opportunities for future research on newer iOS devices.
Hacking and Securing iOS Apps : Part 1
This slide briefs about various tools & techniques used to extract unprotected data from iOS apps. You can extract resource files, database files, get data in runtime using various methods. In my next slides I will brief about the ways to secure your iOS apps.
iPhone forensics on iOS5
iPhone forensics involves bypassing an iPhone's passcode restrictions, reading its encrypted file system, and recovering deleted files. This is done by creating a forensic toolkit on the device without damaging evidence, establishing communication between the device and computer, and patching the iPhone's chain of trust from the BootRom to kernel. References provide more information on the iPhone's data protection and tools for forensic investigation.
iOS Security and Encryption
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
I Want More Ninja – iOS Security Testing
The document provides instructions for setting up an iOS application testing lab, including recommended hardware, software, and tools for both MacBooks and PCs. It discusses jailbreaking iOS devices to gain root access, installing useful packages and utilities, and exploring application directories and data stores to find vulnerabilities like insecure data storage or client-side injection issues.
Pentesting iPhone applications
Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
Fore more info visit - http://www.securitylearn.net
YOW! Connected 2014 - Developing Secure iOS Applications
The document discusses developing secure iOS applications. It covers common security issues like binary and runtime security, transport layer security, and data security. It provides principles for secure design like not trusting the client/runtime and not storing sensitive data on devices. It also describes techniques to address specific issues like debug checks, jailbreak detection, and preventing unintended data leakage.
Como evitar enfermarse
Los especialistas recomiendan comer adecuadamente con frutas y vegetales, tomar vitaminas como la C, hacer ejercicio y caminar al menos 30 minutos diarios, lavarse las manos con frecuencia y tomar aire fresco para evitar enfermarse. El documento luego sugiere de manera humorística que mantener altos niveles de alcohol mata los gérmenes y previene enfermedades.
Como evitar enfermarse
Los especialistas recomiendan comer adecuadamente con frutas y vegetales, tomar vitaminas como la C, hacer ejercicio y caminar al menos 30 minutos diarios, lavarse las manos con frecuencia y tomar aire fresco para evitar enfermarse. El documento luego sugiere de manera humorística que mantener altos niveles de alcohol mata los gérmenes y previene enfermedades.
Wild perú (material de soporte) - Capítulo Trabajo
Estado de la Cuestión sobre acceso al empleo , derecho
al trabajo, para personas con discapacidad en el Perú, se alude a las
"normas complementarias para el cumplimiento de la cuota de empleo
para las personas con discapacidad aplicable a empleadores privados.
Compilación de datos estadísticos y normas, para fortalecer
capacidades, esfuerzos diversos y dar soporte a acciones de
incidencia promovidas por personas o grupos de personas con
discapacidad organizados. Este documento fue elaborado por encargo de
la Asociación Civil Musas Inspiradoras de Cambios para su Taller WILD
PERÚ 2015.
Como evitar enfermarse
Los especialistas recomiendan comer adecuadamente con frutas y vegetales, tomar vitaminas como la C, hacer ejercicio y caminar al menos 30 minutos diarios, lavarse las manos con frecuencia y tomar aire fresco para evitar enfermarse. El documento luego sugiere de manera humorística que mantener altos niveles de alcohol mata los gérmenes y previene enfermedades.
Manajemen dss (decision_support_system)_dalam[1]
Dokumen tersebut membahas tentang Decision Support System (DSS) yang merupakan sistem untuk mendukung pengambilan keputusan manajerial. DSS dapat mendukung berbagai tingkat manajemen dan proses pengambilan keputusan serta fleksibel untuk menyesuaikan perubahan. DSS terdiri atas komponen manajemen dialog, manajemen basis data, manajemen model, dan saat ini populer menggunakan spreadsheet serta dapat terintegrasi dalam jaringan komputer.
Organization chart
The document outlines the roles and responsibilities of different departments within a company including general administration, accounting and finance, human resources, marketing, and sales. General administration oversees overall company operations including staff recruitment, payments, and ensuring all areas are functioning properly. Accounting and finance manages invoices, accounting documents, economic resources, and obtaining financial resources. Human resources handles recruitment, training, safety, and work schedules. Marketing directs company products and services to end users. Sales is responsible for customer relationships including pricing, packaging, finding customers, and meeting deadlines.
Carbohidratos
Los carbohidratos son compuestos de carbono, hidrógeno y oxígeno que se clasifican en monosacáridos, disacáridos y polisacáridos. Los monosacáridos como la glucosa, fructosa y galactosa son las unidades básicas, mientras que los disacáridos como la sacarosa, maltosa y lactosa están formados por la unión de dos monosacáridos. Los polisacáridos como el almidón y el glicógeno son cadenas largas de monosacáridos
Marcellin Champagnat
Marcellin Champagnat was born in 1789 in France and grew up on a farm, helping with the family's flock of sheep. He felt called to the priesthood and struggled with his studies but persevered. In 1817, he founded the Marist Brothers with two other men to educate children in rural areas. The order grew rapidly under his leadership. He insisted the Brothers focus on the children's spiritual and moral education in addition to academics. Marcellin experienced many hardships but always relied on his deep devotion to the Virgin Mary. He died in 1840 after dedicating his life to the children and Brothers. He was beatified in 1955 and canonized in 1999.
105 Public Participation II
This document discusses various methods for public participation in planning processes. It describes direct mail, news releases, displays/exhibits, open houses, public hearings, opinion surveys. Direct mail can reach a large audience with a simple message but requires moderate resources. News releases are effective for announcements and require few resources. Displays/exhibits provide information at locations people frequently visit. Open houses and public hearings give citizens opportunities to provide direct feedback and input to officials. Opinion surveys systematically gather input from a large number of people with a moderate time commitment. The document emphasizes that public participation is important for raising awareness, educating citizens, obtaining public input, and involving citizens in developing plans and proposals.
Zoology
This document provides an introduction to key concepts in zoology. It discusses 7 characteristics of living things, including chemical uniqueness, complexity and hierarchical organization, reproduction, possession of a genetic code, metabolism, development, and environmental interaction. It also covers the scientific method, the difference between experimental and evolutionary science, Charles Darwin and the theory of evolution including natural selection and common descent. Finally, it discusses contributions to cellular biology including the microscope and animal rights issues in scientific testing.
C# Programming Help
Programming in C#
This program demonstrates the use of a class car and overriding a function in C-sharp.
Programminghomeworkshelp.com started with the mission of helping students in the field of computer science who find it challenging to understand the theoretical concepts and work on executing C# Programming Projects.
Cracking the mobile application code
This document discusses decompiling and reverse engineering mobile applications. It begins by explaining why mobile security is important due to growth in mobile usage and banking. It then covers different types of mobile applications and architectures that can be decompiled. The goals of decompiling are outlined as understanding application workings, finding sensitive data, bypassing checks, and analyzing algorithms. The methodology involves accessing executables, understanding technologies, deriving object code, class files, and function definitions. Demos are provided for Windows Phone, Android, Blackberry, and iOS applications. Obfuscation is discussed as a mitigation technique.
AusCERT - Developing Secure iOS Applications
Michael Gianarakis' presentation discusses developing secure iOS applications. It provides an overview of the iOS application attack surface and common security issues. It outlines secure design principles such as not trusting the client/runtime, understanding the app's risk profile, implementing anti-debugging controls, jailbreak detection, and address space validation. The presentation aims to help developers design apps that are secure against common attacks.
Yow connected developing secure i os applications
This document provides an overview of how to design secure iOS applications. It discusses the iOS application attack surface and common security issues, including binary and runtime security issues. It outlines secure iOS application design principles such as not trusting the client/runtime environment and not storing sensitive data on devices. It then discusses specific techniques for implementing binary and runtime security, such as adding anti-debugging controls, jailbreak detection, and address space validation. It also covers securing memory and the importance of transport layer security.
Manual JavaScript Analysis Is A Bug
When performing security assessments or participating in bug bounties, there is generally a methodology you follow when assessing source-code or performing dynamic analysis. This involves using tools, reviewing results and understanding what you should be testing for. Reviewing modern web applications can be quite challenging, and this talk will go into details on how we can automate the boring (but necessary parts) and how to set a roadmap of what should be focused on when dealing with modern JavaScript applications.
Datasploit - An Open Source Intelligence Tool
This presentation was used for explaining Datasploit to osint enthusiasts in Blackhat Arsenal 2016 and Defcon 24 Demolabs.
Entomology 101
This document provides an introduction to studying, collecting, and finding bugs. It discusses how to collect bugs by following security mailing lists, bug bounty programs, security researchers on Twitter. It also discusses how to study bugs by analyzing code diffs between vulnerable and patched versions, building test environments, and documenting findings. The document then covers hunting for bugs by finding targets on sites like GitHub and HackerNews, setting up test environments, and optimizing hunting strategies based on collected bugs. Finally, it discusses responsible disclosure of bugs and some of the author's favorite bugs.
Web Hacking With Burp Suite 101
This document provides an agenda for a presentation on web application pentesting and using Burp Suite. The presentation will include an overview of Burp Suite, how to get started with it, automated and manual testing techniques, and tips for web hacking. It will cover features of Burp like the proxy, spider, scanner, intruder, repeater, sequencer, and extender. The goal is to help attendees learn the foundation of using Burp Suite for web assessments.
Vulnerability, exploit to metasploit
The document discusses developing an exploit from a vulnerability and integrating it into the Metasploit framework. It covers finding a buffer overflow vulnerability in an application called "Free MP3 CD Ripper", using tools like ImmunityDebugger and Mona.py to crash the application and gain control of EIP. It then shows using Mona.py to generate an exploit, testing it works, and submitting it to the Metasploit framework. It also provides an overview of Meterpreter and its capabilities.
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Dominic Chell presents "Breaking Secure Mobile Applications" at Hack In The Box 2014.
This presentation details common vulnerabilities that can be found in supposedly secure applications, including BYOD and MDM apps. It also provides an overview of the binary protections that can be implemented to complicate these types of attacks.
iOS Application Security.pdf
This document discusses iOS app security best practices. It covers common security breach areas like jailbreak detection, securing sensitive keys, URL schemes, and third-party dependencies. For jailbreak detection, it notes that 100% detection is impossible and the focus should be on making bypassing detection harder. For keys, it recommends hashing and storing them remotely. For URL schemes, it advises moving to universal links and sanitizing input. For dependencies, it notes the risks of incorporating third-party code and importance of staying updated. It concludes by recommending checking the OWASP Mobile Security Testing Guide for vulnerabilities to address.
More Related Content
Viewers also liked
Como evitar enfermarse
Los especialistas recomiendan comer adecuadamente con frutas y vegetales, tomar vitaminas como la C, hacer ejercicio y caminar al menos 30 minutos diarios, lavarse las manos con frecuencia y tomar aire fresco para evitar enfermarse. El documento luego sugiere de manera humorística que mantener altos niveles de alcohol mata los gérmenes y previene enfermedades.
Como evitar enfermarse
Los especialistas recomiendan comer adecuadamente con frutas y vegetales, tomar vitaminas como la C, hacer ejercicio y caminar al menos 30 minutos diarios, lavarse las manos con frecuencia y tomar aire fresco para evitar enfermarse. El documento luego sugiere de manera humorística que mantener altos niveles de alcohol mata los gérmenes y previene enfermedades.
Wild perú (material de soporte) - Capítulo Trabajo
Estado de la Cuestión sobre acceso al empleo , derecho
al trabajo, para personas con discapacidad en el Perú, se alude a las
"normas complementarias para el cumplimiento de la cuota de empleo
para las personas con discapacidad aplicable a empleadores privados.
Compilación de datos estadísticos y normas, para fortalecer
capacidades, esfuerzos diversos y dar soporte a acciones de
incidencia promovidas por personas o grupos de personas con
discapacidad organizados. Este documento fue elaborado por encargo de
la Asociación Civil Musas Inspiradoras de Cambios para su Taller WILD
PERÚ 2015.
Como evitar enfermarse
Los especialistas recomiendan comer adecuadamente con frutas y vegetales, tomar vitaminas como la C, hacer ejercicio y caminar al menos 30 minutos diarios, lavarse las manos con frecuencia y tomar aire fresco para evitar enfermarse. El documento luego sugiere de manera humorística que mantener altos niveles de alcohol mata los gérmenes y previene enfermedades.
Manajemen dss (decision_support_system)_dalam[1]
Dokumen tersebut membahas tentang Decision Support System (DSS) yang merupakan sistem untuk mendukung pengambilan keputusan manajerial. DSS dapat mendukung berbagai tingkat manajemen dan proses pengambilan keputusan serta fleksibel untuk menyesuaikan perubahan. DSS terdiri atas komponen manajemen dialog, manajemen basis data, manajemen model, dan saat ini populer menggunakan spreadsheet serta dapat terintegrasi dalam jaringan komputer.
Organization chart
The document outlines the roles and responsibilities of different departments within a company including general administration, accounting and finance, human resources, marketing, and sales. General administration oversees overall company operations including staff recruitment, payments, and ensuring all areas are functioning properly. Accounting and finance manages invoices, accounting documents, economic resources, and obtaining financial resources. Human resources handles recruitment, training, safety, and work schedules. Marketing directs company products and services to end users. Sales is responsible for customer relationships including pricing, packaging, finding customers, and meeting deadlines.
Carbohidratos
Los carbohidratos son compuestos de carbono, hidrógeno y oxígeno que se clasifican en monosacáridos, disacáridos y polisacáridos. Los monosacáridos como la glucosa, fructosa y galactosa son las unidades básicas, mientras que los disacáridos como la sacarosa, maltosa y lactosa están formados por la unión de dos monosacáridos. Los polisacáridos como el almidón y el glicógeno son cadenas largas de monosacáridos
Marcellin Champagnat
Marcellin Champagnat was born in 1789 in France and grew up on a farm, helping with the family's flock of sheep. He felt called to the priesthood and struggled with his studies but persevered. In 1817, he founded the Marist Brothers with two other men to educate children in rural areas. The order grew rapidly under his leadership. He insisted the Brothers focus on the children's spiritual and moral education in addition to academics. Marcellin experienced many hardships but always relied on his deep devotion to the Virgin Mary. He died in 1840 after dedicating his life to the children and Brothers. He was beatified in 1955 and canonized in 1999.
105 Public Participation II
This document discusses various methods for public participation in planning processes. It describes direct mail, news releases, displays/exhibits, open houses, public hearings, opinion surveys. Direct mail can reach a large audience with a simple message but requires moderate resources. News releases are effective for announcements and require few resources. Displays/exhibits provide information at locations people frequently visit. Open houses and public hearings give citizens opportunities to provide direct feedback and input to officials. Opinion surveys systematically gather input from a large number of people with a moderate time commitment. The document emphasizes that public participation is important for raising awareness, educating citizens, obtaining public input, and involving citizens in developing plans and proposals.
Zoology
This document provides an introduction to key concepts in zoology. It discusses 7 characteristics of living things, including chemical uniqueness, complexity and hierarchical organization, reproduction, possession of a genetic code, metabolism, development, and environmental interaction. It also covers the scientific method, the difference between experimental and evolutionary science, Charles Darwin and the theory of evolution including natural selection and common descent. Finally, it discusses contributions to cellular biology including the microscope and animal rights issues in scientific testing.
C# Programming Help
Programming in C#
This program demonstrates the use of a class car and overriding a function in C-sharp.
Programminghomeworkshelp.com started with the mission of helping students in the field of computer science who find it challenging to understand the theoretical concepts and work on executing C# Programming Projects.
Viewers also liked (12)
Wild perú (material de soporte) - Capítulo Trabajo
Wild perú (material de soporte) - Capítulo Trabajo
Ondřej David: Zabezpečení Androidu na úrovni hardwaru
Ondřej David: Zabezpečení Androidu na úrovni hardwaru
Similar to Jiří Dutkevič: Ochrana citlivých dat v iOS
Cracking the mobile application code
This document discusses decompiling and reverse engineering mobile applications. It begins by explaining why mobile security is important due to growth in mobile usage and banking. It then covers different types of mobile applications and architectures that can be decompiled. The goals of decompiling are outlined as understanding application workings, finding sensitive data, bypassing checks, and analyzing algorithms. The methodology involves accessing executables, understanding technologies, deriving object code, class files, and function definitions. Demos are provided for Windows Phone, Android, Blackberry, and iOS applications. Obfuscation is discussed as a mitigation technique.
AusCERT - Developing Secure iOS Applications
Michael Gianarakis' presentation discusses developing secure iOS applications. It provides an overview of the iOS application attack surface and common security issues. It outlines secure design principles such as not trusting the client/runtime, understanding the app's risk profile, implementing anti-debugging controls, jailbreak detection, and address space validation. The presentation aims to help developers design apps that are secure against common attacks.
Yow connected developing secure i os applications
This document provides an overview of how to design secure iOS applications. It discusses the iOS application attack surface and common security issues, including binary and runtime security issues. It outlines secure iOS application design principles such as not trusting the client/runtime environment and not storing sensitive data on devices. It then discusses specific techniques for implementing binary and runtime security, such as adding anti-debugging controls, jailbreak detection, and address space validation. It also covers securing memory and the importance of transport layer security.
Manual JavaScript Analysis Is A Bug
When performing security assessments or participating in bug bounties, there is generally a methodology you follow when assessing source-code or performing dynamic analysis. This involves using tools, reviewing results and understanding what you should be testing for. Reviewing modern web applications can be quite challenging, and this talk will go into details on how we can automate the boring (but necessary parts) and how to set a roadmap of what should be focused on when dealing with modern JavaScript applications.
Datasploit - An Open Source Intelligence Tool
This presentation was used for explaining Datasploit to osint enthusiasts in Blackhat Arsenal 2016 and Defcon 24 Demolabs.
Entomology 101
This document provides an introduction to studying, collecting, and finding bugs. It discusses how to collect bugs by following security mailing lists, bug bounty programs, security researchers on Twitter. It also discusses how to study bugs by analyzing code diffs between vulnerable and patched versions, building test environments, and documenting findings. The document then covers hunting for bugs by finding targets on sites like GitHub and HackerNews, setting up test environments, and optimizing hunting strategies based on collected bugs. Finally, it discusses responsible disclosure of bugs and some of the author's favorite bugs.
Web Hacking With Burp Suite 101
This document provides an agenda for a presentation on web application pentesting and using Burp Suite. The presentation will include an overview of Burp Suite, how to get started with it, automated and manual testing techniques, and tips for web hacking. It will cover features of Burp like the proxy, spider, scanner, intruder, repeater, sequencer, and extender. The goal is to help attendees learn the foundation of using Burp Suite for web assessments.
Vulnerability, exploit to metasploit
The document discusses developing an exploit from a vulnerability and integrating it into the Metasploit framework. It covers finding a buffer overflow vulnerability in an application called "Free MP3 CD Ripper", using tools like ImmunityDebugger and Mona.py to crash the application and gain control of EIP. It then shows using Mona.py to generate an exploit, testing it works, and submitting it to the Metasploit framework. It also provides an overview of Meterpreter and its capabilities.
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Dominic Chell presents "Breaking Secure Mobile Applications" at Hack In The Box 2014.
This presentation details common vulnerabilities that can be found in supposedly secure applications, including BYOD and MDM apps. It also provides an overview of the binary protections that can be implemented to complicate these types of attacks.
iOS Application Security.pdf
This document discusses iOS app security best practices. It covers common security breach areas like jailbreak detection, securing sensitive keys, URL schemes, and third-party dependencies. For jailbreak detection, it notes that 100% detection is impossible and the focus should be on making bypassing detection harder. For keys, it recommends hashing and storing them remotely. For URL schemes, it advises moving to universal links and sanitizing input. For dependencies, it notes the risks of incorporating third-party code and importance of staying updated. It concludes by recommending checking the OWASP Mobile Security Testing Guide for vulnerabilities to address.
Owasp advanced mobile-application-code-review-techniques-v0.2
The document discusses code review techniques for advanced mobile applications. It begins with an overview of why mobile security is important given the rise in mobile usage. It then discusses different mobile application types and architectures that can be code reviewed, including native, hybrid, and HTML5 applications. The document outlines the goals of mobile application code reviews, such as understanding the application and finding security vulnerabilities. It provides the methodology for conducting code reviews, which includes gaining access to source code, understanding the technology, threat modeling, analyzing the code, and creating automation scripts. Finally, it discusses specific vulnerabilities that may be found in Windows Phone, hybrid, Android, and iOS applications.
MOET: Mobile End-to-End Testing
This document discusses mobile end-to-end testing and exploratory testing tools. It covers the two categories of mobile automation technologies: instrumented and non-instrumented. It then discusses advantages of each technique and considerations for which to use. The document lists popular mobile automation tools for Android and iOS and outlines some pain points or challenges for testing on each platform. It concludes with proposing next steps to address the mobile testing "wall of pain".
Software Analytics: Data Analytics for Software Engineering and Security
Frodo Baggins presents on software analytics for software engineering and security tasks. The presentation discusses how software and how it is built and used is changing, with data now being ubiquitous and software having continuous development and release. Software analytics aims to enable software practitioners to perform data exploration and analysis to obtain useful insights. Examples of software analytics techniques discussed include XIAO for scalable code clone analysis, and SAS for incident management of online services. The presentation then shifts to discussing software analytics techniques for mobile app security, including WHYPER for natural language processing on app descriptions to link permissions to functionality, and AppContext for machine learning to classify malware.
Doug McCune - Using Open Source Flex and ActionScript Projects
The document summarizes Doug McCune's presentation on riding coattails to the top using open source Flex/ActionScript projects. It discusses finding popular open source projects on sites like Google Code and RIAForge, highlights some hot projects in areas like computer vision, sound, and mapping, and provides demos of projects like Adobe's Open Source Media Framework and the Axiis data visualization framework. It also addresses challenges of staying up to date in this rapidly evolving space.
Vulnex app secusa2013
This document outlines a presentation given by Simón Roses Femerling on software security verification tools. It discusses BinSecSweeper, an open source tool created by VulnEx to scan binaries and check that security best practices were followed in development. The presentation covers using BinSecSweeper to verify in-house software, assess a company's software security posture, and compare the security of popular browsers. Examples of plugin checks and reports generated by BinSecSweeper are also provided.
The iOS technical interview: get your dream job as an iOS developer
So you have been doing tutorials, sample projects, and watching videos on iOS development for a while. You are trying to publish an app in the App Store or maybe you got one already there. You dream of becoming a professional iOS developer.
Believe me, I was in the same situation six years ago. I started as an indie developer, self employed, and landed a few short contracts, then a six-month contract, and finally, one day, I got a job as a full-time professional iOS developer with a corporation. I have interviewed for a few companies and I have also interviewed come iOS candidates.
In this talk I will explain how to prepare yourself for the iOS technical interview. I will go thru the most usual questions, give my personal advice on how to succeed and pass the interview, and provide links to training material.
Philly CocoaHeads 20160414 - Building Your App SDK With Swift
This document provides a summary of the steps taken to build an iOS SDK for the Supportify app over multiple iterations:
1. The initial SDK was created in Objective-C using a base framework but was difficult to implement and had code quality issues.
2. An updated SDK was created using Swift, but usability problems remained as it was still difficult for developers to implement.
3. Further iterations incorporated iOS design patterns like Clean Swift to reduce dependencies and modularize components. However, problems with the underlying API specification and tests emerged.
4. The final SDK version incorporated a Swagger-based proxy, models, authentication, and other improvements to address issues, resulting in a more full-featured and easier
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
AppSensor is an OWASP project that defines a conceptual framework, methodology, guidance and reference implementation to design and deploy malicious behavior detection and automated responses directly within software applications.
There are many security protections available to applications today. AppSensor builds on these by providing a mechanism that allows architects and developers to build into their applications a way to detect events and attacks, then automatically respond to them. Not only can this stop and/or reduce the impact of an attack, it gives you incredibly valuable visibility and security intelligence about the operational state of your applications.
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium
Speaker: Justin Ison
Check out the complete session slides here: http://www.srijan.net/webinar/mobile-...
This session dives into the history of Appium, and it's pros and cons. The speaker also looks at how to write a good test setup and collect meaningful data points. We look at quick demos and comparisons of how Appium significantly reduces test times.
And you definitely should hang around till the Q&A session, where participants pitch in with their issues and queries. The speaker answers all the questions, sharing additional information and tips on Appium.
iOS Application Static Analysis - Deepika Kumari.pptx
This document discusses static analysis techniques for testing iOS applications. It covers analyzing the app manifest file (plist) for sensitive information, checking for insecure data storage in databases and the keychain, verifying code signatures, and dumping runtime memory. The document provides examples of using tools like MobSF, otool, and objection to extract plaintext passwords and other data from test apps.
Similar to Jiří Dutkevič: Ochrana citlivých dat v iOS (20)
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and Security
Doug McCune - Using Open Source Flex and ActionScript Projects
Doug McCune - Using Open Source Flex and ActionScript Projects
The iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developer
Philly CocoaHeads 20160414 - Building Your App SDK With Swift
Philly CocoaHeads 20160414 - Building Your App SDK With Swift
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptx
More from mdevtalk
Jan Čislinský: Seznámení se Sourcery aneb Základy metaprogramování ve Swiftu
mDevTalk #13
20. 9. 2018
Jarda Machaň: Proč je dobré míti Developer Evangelistu
The document discusses the role and value of a developer evangelist. It notes that a developer evangelist helps companies innovate by communicating with developers, understanding their needs, and showing how a company's products and APIs can help meet those needs. A developer evangelist provides value by educating developers on a company's offerings, demonstrating code examples, and helping generate interest and adoption of a company's technologies within the developer community.
Pavel Cvetler: Jeden kód, co vládne všem? Žádný problém pro Android i iOS
mDevTalk #12
24. 5. 2018
Video: https://youtu.be/1GDXhGoMWTU
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
This document provides an overview of key considerations for implementing cryptography and securing an application. It discusses topics like avoiding plaintext secrets, implementing secure authentication and transport, managing third party libraries, and best practices like not overstating an app's security. The goal is to help developers protect user privacy and security throughout the development process.
Michal Havryluk: How To Speed Up Android Gradle Builds
- The document provides tips for speeding up Android Gradle builds, including enabling parallel builds, optimizing project structure, using implementation over compile for dependencies, enabling the build cache, and deploying to emulators or devices with smaller memory footprints.
- It recommends profiling builds using Gradle options like --dry-run and --profile to identify bottlenecks. Migrating to Android Gradle Plugin 3.0.0 and optimizing dependencies, resources, and third-party libraries can further improve build times.
- A step-by-step approach is suggested, starting with baseline measurements and implementing smaller changes before larger refactors like moving to a multi-module project structure.
Vladislav Iliushin: Dark side of IoT
The number of internet-connected devices worldwide is growing dramatically from around 7 billion in 2015 to over 20 billion by 2025. However, this growth in unsecured internet-connected devices leaves many vulnerable to malware and hacking. Examples are shown of common internet-connected devices like wireless routers, cameras, and speakers that have been hacked due to unsecured default passwords and exposed APIs.
Georgiy Shur: Bring onboarding to life
This document discusses using ViewPager-based animations for onboarding screens in Android apps. It describes using ViewPager offsets and animating properties like position, scale and color to create interactive transitions between onboarding pages. Code samples are provided to implement animations using libraries like SparkleMotion and Spritz when swiping between pages in a ViewPager. Resources for further reading on ViewPager animations are also listed.
David Bilík: Anko – modern way to build your layouts?
The document discusses Anko, a library that aims to simplify Android development using Kotlin. It consists of multiple parts that provide helpers for common tasks like building layouts, SQLite queries, and coroutines. Anko uses a domain-specific language to allow building layouts in a type-safe way without XML, which can improve performance compared to traditional layout inflation. The document provides an example comparing the speed of building a layout with Anko versus XML, finding Anko to be up to 4 times faster in some cases. It also demonstrates creating a sample layout using both traditional Android code and Anko's DSL approach.
Maxim Zaks: Deep dive into data serialisation
This document compares different data serialization formats for persisting state and user generated content on mobile. JSON is human readable but large and inefficient for numbers. Protocol Buffers and FlatBuffers are binary formats that are more efficient in size and faster for reads/writes through the use of schemas and typed accessors. Both support evolution but Protocol Buffers has no partial reads while FlatBuffers enables this through references and random access.
Nikita Tuk: Handling background processes in iOS: problems & solutions
The document discusses handling background processes in iOS, including:
1. The different app life cycle states before and after iOS 7, and limitations of background processing.
2. Techniques for performing background uploads including silent notifications, background fetch, and NSURLSession.
3. The speaker's approach of using a state machine and modular architecture to reliably perform background uploads and ensure completion handlers are called even if the app is terminated.
Tomáš Kohout: Jak zrychlit iOS vývoj pomocí Swift playgoundů
mDevTalk #7: 30. 3. 2017
Swift playground je skvělým nástrojem na výuku programování. Má ale reálné využití v každodenním vývoji mobilních aplikací? Odpověď je jasné ano! V této přednášce si ukážeme jak lze vytvořit playground pro středně složitou aplikací a jak jej využít pro urychlení vývoje vaší aplikace.
David Vávra: Firebase + Kotlin + RX + MVP
mDevTalk #6: 26. 1. 2017
Nová Firebase řeší spoustu běžných problémů Android vývojáře. Pokud ale máte komplexnější strukturu databáze, potřebujete to všechno spojit pomocí RxJavy. To celé chce nějakou architekturu jako MVP. A Kotlin udělá kód kratší a čitelnější.
Adam Šimek: Optimalizace skrolování, RecyclerView
mDevTalk #6: 26. 1. 2017
Když se podíváte na aplikace ve vašem telefonu, tak většina obsahu je zobrazena ve skrolovatelných komponentách. Seznam zpráv, timeline na Facebooku, kontakty, poznámky, Twitter, fotky, prostě všechno. Nekonečný seznam něčeho. A není to vždy plynulé. Komplexita aplikací narůstá a skrolovaní se stále seká a seká. A programátoři se snaží a snaží. Nebo se snad nesnaží? V přednášce bych vás chtěl provést od základů toho, jak RecyclerView funguje, přes konkrétní tipy a triky a věci, kterým se vyvarovat, po poslední novinky v RecyclerView, jako je prefetch.
Paul Lammertsma: Account manager & sync
mDT #5, 24. 11. 2016
Storing account information is a common challenge many app developers face, and is often tackled in tailored solutions. Isn’t there some strategy to store account credentials in a centralized place? What about multiple accounts, like Twitter? And when should or could I synchronize data? Android offers a powerful account manager. Let’s explore the possibilities and lay out an architecture for engineering an Android app based on accounts.
Charles Du: Introduction to Mobile UX Design
mDT#4 29. 9. 2016
Learn how to shape a rough app idea into a thoughtful, intuitive design. Find out how successful mobile apps are designed and user-tested. Charles will share design examples from his past work including the NASA app and the Ticketmaster app. This talk will focus on UX design so no coding experience is needed.
Honza Dvorský: Swift Package Manager
mDT #4, 29. 9. 2016
Swift Package Manager je dependency manager od Applu, alternativa ke CocoaPods. Jeho vývoj Apple dělá otevřeně na GitHubu a za posledních pár měsíců se kolem něj vytvořila aktivní komunita. Honza během svého talku předvede, jak nástroj vypadá, kdy a jak ho používat.
David Bureš - Xamarin, IoT a Azure
Na ukázkové aplikaci psanou v Xamarin si prakticky představíme architekturu a propojení na jednotlivé služby v Azure, které jsou z pohledu IoT klíčové:
• Mobilní aplikaci psanou pomocí Xamarin pro Android, iPhone a Windows Phone, která slouží jako field gateway, ale i pro zobrazování dat
• Azure Mobile App jako backend pro mobilní aplikaci, umožňující autentizaci, ale i rychlý vývoj pomoci Easy Tables a Easy API a Push Notifikace
• HockeyAPP pro distribuci mobilní aplikace pro testy a sběr chyb
• Application Insights pro monitoring
• IoT Hub, který pomůže při sběru dat z koncových zařízení (mikrokontroléry a field gateways)
• Stream Analytics, které umožňují real time analýzu velkého množství dat
• Power BI pro chytré zobrazování
• Služby pro persistetní ukládání dat jako je Azure Storage nebo Azure SQL Database
Podíváme se na to, jak můžete připojit vaše auto přes OBD-II ke Cloudu a sledovat rychlost, spotřebu, otáčky a další hodnoty v reálném čase. Vše je samozřejmě open source.
Dominik Veselý - Vše co jste kdy chtěli vědět o CI a báli jste se zeptat
Continuous Integration je velice důležité, leč často opomíjené téma. Většina lidí má tento termín zažitý jako něco co je složité a patří to do velkých společností. Opak je pravdou, CI můžete využívat i jako freelancer nebo malá společnost velice jednoduše. Ať už ho chcete používat k testování, nasazování, doručování buildu nebo notifikacím, ušetří Vám to hodně času a peněz. Dominik se věnuje problematice CI pro mobilní vývoj již více jak 2 roky a se svými kolegy vyrobil CI pipeline pro iOS, Android i backend, která šetří stovky minut denně celému týmu. Ve svém talku se zaměří, jak na mobilní platformy, tak na backendy a frontendy, aby si na své přišel opravdu každý.
Petr Dvořák: Push notifikace ve velkém
Věděli jste, že push notifikace mohou až ztrojnásobit počet spuštění aplikace? Nebo že aplikace, které podporují push notifikace mají až o 70% větší pravděpodobnost, že na zařízení přežijí déle než 60 dní? Schopnost přijímat push notifikace by proto měla být vlastní každé aplikaci. Ukážeme si, jak na to na klientovi i na serveru.
More from mdevtalk (20)
Jan Čislinský: Seznámení se Sourcery aneb Základy metaprogramování ve Swiftu
Jan Čislinský: Seznámení se Sourcery aneb Základy metaprogramování ve Swiftu
Jarda Machaň: Proč je dobré míti Developer Evangelistu
Jarda Machaň: Proč je dobré míti Developer Evangelistu
Pavel Cvetler: Jeden kód, co vládne všem? Žádný problém pro Android i iOS
Pavel Cvetler: Jeden kód, co vládne všem? Žádný problém pro Android i iOS
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Michal Havryluk: How To Speed Up Android Gradle Builds
Michal Havryluk: How To Speed Up Android Gradle Builds
David Bilík: Anko – modern way to build your layouts?
David Bilík: Anko – modern way to build your layouts?
Nikita Tuk: Handling background processes in iOS: problems & solutions
Nikita Tuk: Handling background processes in iOS: problems & solutions
Milan Oulehla: Bezpečnost mobilních aplikací na Androidu
Milan Oulehla: Bezpečnost mobilních aplikací na Androidu
Tomáš Kohout: Jak zrychlit iOS vývoj pomocí Swift playgoundů
Tomáš Kohout: Jak zrychlit iOS vývoj pomocí Swift playgoundů
Dominik Veselý - Vše co jste kdy chtěli vědět o CI a báli jste se zeptat
Dominik Veselý - Vše co jste kdy chtěli vědět o CI a báli jste se zeptat
Jiří Dutkevič: Ochrana citlivých dat v iOS
- 1. Protec'ng sensi've data against offline a1acks Jiri Dutkevic jd@avast.com
- 2. Agenda • focus • why • how • what • content • summary
- 3. 3 defining aspects of apps
- 5. #1 what they look like
- 7. #2 what they seem to be doing (as perceived through the UI)
- 8. #3 what they are actually doing
- 10. inspired by apps available on the AppStore
- 11. 3 key ideas + a few addi)onal side notes
- 14. Bob
- 15. Demo 1 App Walkthrough & Code
- 16. Alice
- 17. Jailbreaking • altering iOS through exploits • code signing, file system access, root access, Cydia
- 18. Demo 2 Retrieving data from the filesystem
- 19. Objec&ve-C Run&me • run%me oriented language • allows inspec%on and modifica%on in run%me • relevant to Swi$
- 21. Snoop-it h"ps://code.google.com/p/ snoop-it/ source: repo.nesolabs.de • a debugging tool for analysing apps in run3me
- 22. Demo 4 Bypass the UI using Snoop-it
- 23. house with doors but holes instead of windows
- 24. Part 2 Encryp'on
- 25. Bob
- 27. Alice
- 28. Demo 5 Sniffing sensi)ve APIs using Snoop-it
- 29. we've added windows, but we are leaving the key under the doormat
- 30. Part 3 Tradeoffs
- 31. Bob
- 32. Updated encryp,on scheme Verifying password without storing it
- 33. Alice
- 34. Demo 6 Bruteforcing the pin using a fake app
- 35. we've added an emergency exit with a poor lock
- 36. Part 4 Summary
- 37. Bob
- 38. Updated encryp,on scheme Password required for ini/al unlock
- 39. Alice
- 40. when leaving, we block the emergency exit
- 41. Summary 1. Encrypt 2. Do not store full informa6on needed for decryp6on persistently 3. Beware of tradeoffs between UX and security github.com/jirid/mdevtalk2