
Fundamentals of iOS

Course Description

Apple’s iOS platform provides an always-expanding set of features for creating terrific user-focused applications. But these applications are still prone to security vulnerabilities, whether iOS-specific or common across platforms. This course provides an overview of the iOS operating system architecture and security issues affecting iOS applications.

Learning Objectives

  • Describe the iOS architecture
  • Determine the correct application type for an application’s needs
  • Evaluate the security implications of the language used to write iOS applications
  • Describe platform security controls
  • Identify common iOS application vulnerabilities

Details

Delivery Format: eLearning

Duration: 1.5 Hours

Level: Advanced

Intended Audience:

  • Architects
  • Back-End Developers
  • Development Managers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Developers
  • QA Engineers

Competencies: None

Prerequisites: 

Course Outline

Overview and Mobile Device Usage

  • Mobile Device Usage
  • Simplified Tasks
  • Required Functionality
  • Constant Connectivity
  • Multi-Personal Device
  • User Workflow Expectations
  • Lost/Stolen

Platform Overview and Integrated Controls

  • Unix Base
  • Integrated Security Controls
  • Integrated Security Controls: Data Execution Prevention (DEP)
  • Integrated Security Controls: Address Space Layout Randomization
  • Integrated Security Controls: Stack Canaries
  • Integrated Security Controls: Secure Enclave
  • Integrated Security Controls: Closed System
  • Apple Watch Additional Controls

Development and Application Structure

  • SDK: iOS Architecture Layers
  • SDK: High-Level APIs and Hybrid Frameworks
  • Application Structure
  • IPA Application Structure
  • Extension Points on Apple Platforms

Common iOS Platform Issues

  • Reverse Engineering
  • Jailbreaking Overview
  • Perspectives on Jailbreaking
  • Memory Management

Platform Security Controls

  • Platform Security Controls
  • Application Sandboxing Introduction
  • Application Sandbox
  • Nonapplication Sandbox Storage Options: Introduction
  • Outside Application Sandbox Storage
  • Interprocess Communication (IPC): URL Scheme
  • IPC Keychain Sharing (Keychain Access Groups)
  • IPC: Pasteboard (Named and General)
  • IPC Extensions
  • Keychain and Biometric Security
  • Cryptography and Certificate Management
  • Privacy Controls

Application Issues: Authentication/Authorization and Communications

  • Authentication
  • Authentication Scenarios
  • Authorization
  • Communication Issues
  • Interprocess Communication (IPC)

Application Issues: Input and Storage

  • Data Representation and Validation
  • Cryptographic Issues
  • The Many Forms of Local Storage
  • Data Protection: API
  • Data Protection: Potential Weakness
  • Leaky Databases
  • Mobile Data Breaches

 
