Defensive Programming in Objective C for iOS

Course Description

The Apple iOS platform provides a comprehensive set of features for creating versatile mobile applications. The platform’s specific architecture and security model set it apart from other mobile operating environments. This introduces specific risks from a mobile application security perspective. This course teaches defensive programming techniques to mitigate common risks in iOS applications. First, the course introduces fundamental concepts about the platform, including the iOS architecture and security model. Special emphasis is given to describing key security controls provided by the platform and how to use them correctly. In addition, this course gives a comprehensive overview of the security issues and common developer pitfalls affecting iOS applications—both generic ones and ones that are inherent to the iOS platform. The course teaches detailed techniques for mitigating risks affecting iOS applications, including:

  • Preventing information disclosure
  • Implementing proper access control
  • Strong cryptography
  • Secure input validation and data representation
  • Mitigations against reverse engineering
  • Performing secure inter-process communication
  • Using the fingerprint recognition feature, TouchID, for authentication
  • Failing securely
  • Secure network communications
  • Mitigating the risk of jailbreaking

Learning Objectives

After successfully completing this course, the student will be able to:

  • Comprehend the Apple iOS mobile platform
  • Describe the risks affecting iOS applications
  • Implement secure inter-process communications
  • Prevent sensitive information disclosure
  • Limit your mobile application’s attack surface
  • Prevent eavesdropping and man-in-the-middle attacks
  • Use generic defensive programming to write secure mobile applications

Details

Delivery Format:

  • Traditional Classroom

Duration: 8 Hours

Intended Audience:

  • Developers

 
