We all love mobile devices, being it a smartphone, a tablet, a music/video player. They're so flexible that we use them to interact with other people (voice, text, video), set likes on friends posts, post that last amazing picture online, check your finances, buy stuff, etc. We do all this private, personal stuff because we trust the device, we trust the operating system, we trust the applications we use.
Should we ?
In this talk we will be exploring the iOS operating system and it's applications from the perspective of a penetration tester.
What do I need to setup a pentest environment ?
What kind of tools can I use ?
Where do I start ?
What I can do ?
We'll be going through:
- iOS Security features
- Client component of an app: data storage, application manipulation,
- Network component of an app
- Server component of an app
There will be some tips along the way for iOS developers on how to build secure applications.