Secure & Defensive Programming for iOS

Course Description

iOS applications are affected by issues inherent to the iOS platform and issues shared with other types of mainstream software. Developers must be familiar with both types of risks to design and develop applications resilient to common attacks. Building on the Foundations of iOS Security course, this course teaches effective techniques for programming for iOS to address common risks in iOS applications.

Course Themes

  • Recommend methods for secure inter-process and network communications
  • Describe methods for secure use of the iOS permission model
  • Introduce ways to ensure the protection of sensitive data on iOS devices
  • Outline best practices for input validation and output encoding
  • Describe strong access control mechanisms

Learning Objectives

  • Identify security risks relevant to iOS applications
  • Leverage native iOS controls and features in a secure manner
  • Apply defensive programming techniques to mitigate common security risks in iOS applications

Course Outline

  1. Preventing Injection Issues
  2. Preventing Data Leakage
  3. Leveraging Channel Security
  4. Secure Data Storage
  5. Performing Password-Based Encryption
  6. Selecting a Data Protection Approach
  7. Performing Strong Authentication
  8. Enforcing Server-Side Controls
  9. Securing URL Schemes
  10. Using Cryptography Securely
  11. Mitigating Memory Corruption Issues
  12. Defending against Reverse Engineering
  13. Device Interrogation

Details

Delivery Format: eLearning

Duration: 3/4 Hour

Level: Advanced

Intended Audience:

  • Developers
  • QA Engineers
  • Architects
  • Application Security Specialists

Competencies: Familiarity with the Objective-C programming language and web technologies

Prerequisites: 
