How to Protect Data in Your iOS Application

In most mobile applications, data is the thing that’s of most interest to an attacker. As such, it’s crucial to look at how your data is received, processed, transmitted, and ultimately destroyed.

By considering the following general design principles, you can protect data within your application and reduce the likelihood of it being intercepted or compromised by an attacker.

How data is stored in the application

The best approach to data storage is to avoid storing data at all. Unfortunately, this is not feasible for many applications.

As part of the design process, you should always consider what data your application handles and how you can best reduce the amount of data that is stored. How and where the data is stored is another important consideration.

How and when data should be available

You need to consider what states will exist and what data should be accessible in those states. For example, if your application handles cryptographic key material, typically, it should not be accessible or memory resident when the application is in a locked state and should only be made available following user authentication.

Creating a design plan showing the different state transitions, and what data should be accessible in each, will help you to reduce the exposure of data within your application.

How access to the application will be protected

If your application is handling particularly important data, such as financial or corporate data, consider implementing client-side authentication. Forcing a user to authenticate can offer some mitigation against unauthorized access in the event a device is lost or stolen.

Where possible, you should also combine it with authentication via iOS’ LocalAuthentication framework and Touch ID, which can offer validation that the user is physically present, providing no tampering has taken place.

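The two points above (key material unavailable while locked, released only after the user authenticates) can be combined by letting the Keychain enforce the user-presence check. The following Swift sketch is an added example, not code from the slides or the book; the `KeyVault` class and the service and account strings are hypothetical names chosen for illustration.

```swift
import Foundation
import LocalAuthentication
import Security

// Added illustration: KeyVault and the service/account strings are hypothetical.
// The key lives in the Keychain behind a user-presence access control and is
// memory resident only between unlock() and lock().
final class KeyVault {
    enum VaultError: Error {
        case accessControl
        case notFound
        case keychain(OSStatus)
    }

    private let baseQuery: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.app.keys",   // placeholder
        kSecAttrAccount as String: "data-encryption-key"     // placeholder
    ]

    // Holds the key only while the application is in its unlocked state.
    private var unlockedKey: Data?

    var isUnlocked: Bool { unlockedKey != nil }

    /// Stores the key so that reading it back requires Touch ID / Face ID or
    /// the device passcode, and so that it never leaves this device.
    func store(_ key: Data) throws {
        var error: Unmanaged<CFError>?
        guard let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
            .userPresence,
            &error
        ) else {
            error?.release()
            throw VaultError.accessControl
        }

        SecItemDelete(baseQuery as CFDictionary)   // replace any earlier copy

        var attributes = baseQuery
        attributes[kSecAttrAccessControl as String] = access
        attributes[kSecValueData as String] = key

        let status = SecItemAdd(attributes as CFDictionary, nil)
        guard status == errSecSuccess else { throw VaultError.keychain(status) }
    }

    /// Locked -> unlocked transition. The Keychain read itself triggers the
    /// authentication prompt, so the check is enforced by the system rather
    /// than by an app-side boolean. The call blocks while the prompt is shown:
    /// run it off the main thread. (localizedReason requires iOS 11 or later.)
    func unlock(reason: String) throws {
        let context = LAContext()
        context.localizedReason = reason

        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        query[kSecUseAuthenticationContext as String] = context

        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        switch status {
        case errSecSuccess:
            guard let data = item as? Data else { throw VaultError.notFound }
            unlockedKey = data
        case errSecItemNotFound:
            throw VaultError.notFound
        default:
            // Includes user cancellation and failed authentication.
            throw VaultError.keychain(status)
        }
    }

    /// Gives callers scoped access to the key; returns nil while locked.
    func withKey<T>(_ body: (Data) throws -> T) rethrows -> T? {
        guard let key = unlockedKey else { return nil }
        return try body(key)
    }

    /// Unlocked -> locked transition. Zeroing is best effort: copies made by
    /// callers or by the runtime are not covered.
    func lock() {
        if let count = unlockedKey?.count, count > 0 {
            unlockedKey?.resetBytes(in: 0..<count)
        }
        unlockedKey = nil
    }
}
```

Call `lock()` from every transition in the design plan that leaves the unlocked state, for example when the application moves to the background or an inactivity timer fires.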
What entry points exist

Identifying the entry points to your application at an early stage can help you recognize areas where potentially tainted data may be introduced. Armed with this information, you can define the types and format of the data that can enter your application, building appropriate sanitization rules to parse this data along the way.

How third-party components affect the application

An often unexplored design consideration is the impact and security of any third-party libraries that you might be using.

Using third-party libraries grants the library developer the equivalent to code execution within your application, as well as access to your application’s data. This has led to many instances of abuse in the past.

With a little thought and a carefully constructed design plan, you can preempt common vulnerabilities before development.

For more on writing secure iOS applications, check out The Mobile Application Hacker’s Handbook by Dominic Chell, Tyrone Erasmus, Shaun Colley, and Ollie Whitehouse.
Thierry Lestable
 

Recently uploaded (20)

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

How to Protect Data in Your iOS Application

  • 1. How to Protect Data in Your iOS Application
  • 2. In most mobile applications, data is the thing that’s of most interest to an attacker.
  • 3. As such, it’s crucial to look at how your data is received, processed, transmitted, and ultimately destroyed.
  • 4. By considering the following general design principles, you can protect data within your application and reduce the likelihood of it being intercepted or compromised by an attacker.
  • 5. How data is stored in the application
  • 6. The best approach to data storage is to avoid storing data at all. Unfortunately, this is not feasible for many applications.
  • 7. As part of the design process, you should always consider what data your application handles and how you can best reduce the amount of data that is stored. How and where the data is stored is another important consideration.
  • 8. How and when data should be available
  • 9. You need to consider what states will exist and what data should be accessible in those states. For example, if your application handles cryptographic key material, typically, it should not be accessible or memory resident when the application is in a locked state and should only be made available following user authentication.
  • 10. Creating a design plan showing the different state transitions, and what data should be accessible in each, will help you to reduce the exposure of data within your application.
  • 11. How access to the application will be protected
  • 12. If your application is handling particularly important data, such as financial or corporate data, consider implementing client-side authentication. Forcing a user to authenticate can offer some mitigation against unauthorized access in the event a device is lost or stolen.
  • 13. Where possible, you should also combine it with authentication via iOS’ LocalAuthentication framework and TouchID, which can offer validation that the user is physically present, providing no tampering has taken place.
  • 15. Identifying the entry points to your application at an early stage can help you recognize areas where potentially tainted data may be introduced. Armed with this information, you can define the types and format of the data that can enter your application, building appropriate sanitization rules to parse this data along the way.
  • 17. An often unexplored design consideration is the impact and security of any third-party libraries that you might be using.
  • 18. Using third-party libraries grants the library developer the equivalent to code execution within your application, as well as access to your application’s data. This has led to many instances of abuse in the past.
  • 19. With a little thought and a carefully constructed design plan, you can preempt common vulnerabilities before development. For more on writing secure iOS applications, check out The Mobile Application Hacker’s Handbook by Dominic Chell, Tyrone Erasmus, Shaun Colley, and Ollie Whitehouse.
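
An added Swift sketch, not taken from the slides or the book, of the state design in slides 9 and 10 combined with the user-presence check in slide 13: the key is held in memory only in the unlocked state, and the Keychain, not an in-app boolean, decides whether to release it. The class name `KeyVault` and the service and account strings are hypothetical.

```swift
import LocalAuthentication
import Security
import UIKit

final class KeyVault {
    // Hypothetical identifiers for this example.
    private let item: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.vault", kSecAttrAccount as String: "master-key"]
    private(set) var key: Data?   // nil in every state except "unlocked"

    init() {
        // Transition to locked: drop the key when the app leaves the foreground.
        NotificationCenter.default.addObserver(
            forName: UIApplication.didEnterBackgroundNotification,
            object: nil, queue: .main) { [weak self] _ in self?.lock() }
    }

    // Store the key so the Keychain releases it only after Touch ID or passcode.
    // Fails if the device has no passcode set.
    func store(_ newKey: Data) throws {
        guard let access = SecAccessControlCreateWithFlags(
            nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
            .userPresence, nil) else { throw osError(errSecParam) }
        SecItemDelete(item as CFDictionary)
        var add = item
        add[kSecAttrAccessControl as String] = access
        add[kSecValueData as String] = newKey
        let status = SecItemAdd(add as CFDictionary, nil)
        guard status == errSecSuccess else { throw osError(status) }
    }

    // Transition to unlocked. Blocks while the prompt is shown: call off the main thread.
    func unlock(reason: String) throws {
        let context = LAContext()
        context.localizedReason = reason
        var query = item
        query[kSecReturnData as String] = true
        query[kSecUseAuthenticationContext as String] = context
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let data = result as? Data else { throw osError(status) }
        key = data
    }

    func lock() {
        let count = key?.count ?? 0
        key?.resetBytes(in: 0..<count)   // best-effort zeroing; other copies may exist
        key = nil
    }

    private func osError(_ s: OSStatus) -> NSError { NSError(domain: NSOSStatusErrorDomain, code: Int(s)) }
}
```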