Developing Secure Applications for the iPhone
Venue: Visconti Palace Hotel
|Event Date/Time: May 12, 2011||End Date/Time: May 13, 2011|
This class looks at the unique security problems faced by application developers writing code for todayâ€™s mobile platforms. In this first class of the smart phone series, we take a close look at Appleâ€™s iOS platform used by iPhones, iPads, and iPod Touch devices. The class presents a clear and practical view of the problems, how they can be attacked, as well as remediation steps against the various attacks. It is heavily hands-on driven to not just describe but demonstrate both the problems and the solutions available.
This class starts with a description of the security problems faced by today's software developer, as well as a detailed description of relevant the Open Web Application Security Projectâ€™s (OWASP) Top 10 of 2010 security defects. These defects are studied in instructor-lead sessions as well as in hands-on lab exercises in which each student learns how to actually exploit the defects to â€œbreak intoâ€ a real Web application. (The labs are performed in safe test environments.)
Next, the class covers the security principles that apply to smart phones, as well as illustrates them through Case Studies and further hands-on exercises. The iOS platform architecture and application architecture are then covered in detail, with descriptions of security services at the network/platform layer as well as security services available within the applications themselves.
The class then looks at common security mechanisms found within applications, and discusses how to securely implement them in applications.
To bring this all together, the class then covers development activities that can be performed throughout the design, implementation, and testing of an application.
Preparation phase: understanding the problem
Security principles for smart phones
Continued hands-on exercises
Common security mechanisms
Design review using Threat Modeling