دانلود کتاب iOS application security: the definitive guide for hackers and developers

فهرست مطالب :

About the Author
About the Technical Reviewer
Brief Contents
Contents in Detail
Foreword by Alex Stamos
Acknowledgments
Introduction
Who This Book Is For
What's in This Book
How This Book Is Structured
Conventions This Book Follows
A Note on Swift
Mobile Security Promises and Threats
What Mobile Apps Shouldn't Be Able to Do
Classifying Mobile Security Threats in This Book
Some Notes for iOS Security Testers
Part I: iOS Fundamentals
Chapter 1: The iOS Security Model
Secure Boot
Limiting Access with the App Sandbox Data Protection and Full-Disk Encryption The Encryption Key Hierarchy
The Keychain API
The Data Protection API
Native Code Exploit Mitigations: ASLR, XN, and Friends
Jailbreak Detection
How Effective Is App Store Review?
Bridging from WebKit
Dynamic Patching
Intentionally Vulnerable Code
Embedded Interpreters
Closing Thoughts
Chapter 2: Objective-C for the Lazy
Key iOS Programming Technology
Passing Messages
Dissecting an Objective-C Program
Declaring an Interface
Inside an Implementation File
Specifying Callbacks with Blocks
How Objective-C Manages Memory Automatic Reference Counting Delegates and Protocols
Should Messages
Will Messages
Did Messages
Declaring and Conforming to Protocols
The Dangers of Categories
Method Swizzling
Closing Thoughts
Chapter 3: iOS Application Anatomy
Dealing with plist Files
Device Directories
The Bundle Directory
The Data Directory
The Documents and Inbox Directories
The Library Directory
The tmp Directory
The Shared Directory
Closing Thoughts
Part II: Security Testing
Chapter 4: Building Your Test Platform
Taking Off the Training Wheels
Suggested Testing Devices Testing with a Device vs. Using a Simulator Network and Proxy Setup
Bypassing TLS Validation
Bypassing SSL with stunnel
Certificate Management on a Device
Proxy Setup on a Device
Xcode and Build Setup
Make Life Difficult
Enabling Full ASLR
Clang and Static Analysis
Address Sanitizer and Dynamic Analysis
Monitoring Programs with Instruments
Activating Instruments
Watching Filesystem Activity with Watchdog
Closing Thoughts
Chapter 5: Debugging with lldb and Friends
Useful Features in lldb
Working with Breakpoints
Navigating Frames and Variables Visually Inspecting Objects Manipulating Variables and Properties
Breakpoint Actions
Using llbd for Security Analysis
Fault Injection
Tracing Data
Examining Core Frameworks
Closing Thoughts
Chapter 6: Black-Box Testing
Installing Third-Party Apps
Using a .app Directory
Using a .ipa Package File
Decrypting Binaries
Launching the debugserver on the Device
Locating the Encrypted Segment
Dumping Application Memory
Reverse Engineering from Decrypted Binaries
Inspecting Binaries with otool
Obtaining Class Information with class-dump