Fundamentals of iOS

Course Description

Apple’s iOS platform provides an always-expanding set of features for creating terrific user-focused applications. But these applications are still prone to security vulnerabilities, whether iOS-specific or common across platforms. This course provides an overview of the iOS operating system architecture and security issues affecting iOS applications.

Learning Objectives

  • Describe the iOS architecture
  • Determine the correct application type for an application’s needs
  • Evaluate the security implications of the language used to write iOS applications
  • Describe platform security controls
  • Identify common iOS application vulnerabilities

Details

Delivery Format: eLearning

Duration: 1.5 Hours

Level: Advanced

Intended Audience:

  • Architects
  • Back-End Developers
  • Development Managers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Developers
  • QA Engineers

Competencies: None

Prerequisites: 

Course Outline

Overview and Mobile Device Usage

  • Mobile Device Usage
  • Simplified Tasks
  • Required Functionality
  • Constant Connectivity
  • Multi-Personal Device
  • User Workflow Expectations
  • Lost/Stolen

Platform Overview and Integrated Controls

  • Unix Base
  • Integrated Security Controls
  • Integrated Security Controls: Data Execution Prevention (DEP)
  • Integrated Security Controls: Address Space Layout Randomization
  • Integrated Security Controls: Stack Canaries
  • Integrated Security Controls: Secure Enclave
  • Integrated Security Controls: Closed System
  • Apple Watch Additional Controls

Development and Application Structure

  • SDK: iOS Architecture Layers
  • SDK: High-Level APIs and Hybrid Frameworks
  • Application Structure
  • IPA Application Structure
  • Extension Points on Apple Platforms

Common iOS Platform Issues

  • Reverse Engineering
  • Jailbreaking Overview
  • Perspectives on Jailbreaking
  • Memory Management

Platform Security Controls

  • Platform Security Controls
  • Application Sandboxing Introduction
  • Application Sandbox
  • Nonapplication Sandbox Storage Options: Introduction
  • Outside Application Sandbox Storage
  • Interprocess Communication (IPC): URL Scheme
  • IPC Keychain Sharing (Keychain Access Groups)
  • IPC: Pasteboard (Named and General)
  • IPC Extensions
  • Keychain and Biometric Security
  • Cryptography and Certificate Management
  • Privacy Controls

Application Issues: Authentication/Authorization and Communications

  • Authentication
  • Authentication Scenarios
  • Authorization
  • Communication Issues
  • Interprocess Communication (IPC)

Application Issues: Input and Storage

  • Data Representation and Validation
  • Cryptographic Issues
  • The Many Forms of Local Storage
  • Data Protection: API
  • Data Protection: Potential Weakness
  • Leaky Databases
  • Mobile Data Breaches

 

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster

Learn more about developer security training
©2025 Black Duck Software, Inc. All Rights Reserved