Penetration Testing iOS Apps

Brochure Image

by Ken van Wyk download a PDF brochure Download Event Brochure


This class takes a deep dive into techniques for testing the security of iOS apps. Students will learn how to statically and dynamically analyze iOS apps for implementation as well as architectural security defects. After a brief description of the iOS hardware and software security architecture, the class steps through a myriad of security pitfalls made by many developers. Each weakness is described in detail and explored in hands-on labs to enable students to fully understand and internalize the details. The pitfalls covered start with simple problems and escalate steadily to more and more advanced problems, culminating in the use of “Man in the App” attacks against running apps. Using MitA techniques, the apps’ architecture is actively probed and explored via weaknesses in the underlying Objective C run-time environment to look for exploitable weaknesses in client-side security controls. This range of static and dynamic app analysis allows the tester to perform a broad range of security tests on any iOS app target.

Requirements: In order to be able to participate in the hands-on exercises, each student will need a laptop computer with a complete iOS development environment (XCode) installed. (Available for free from Apple Computer, Inc.) To perform all exercises including the MitA attacks, a jailbroken iOS device is needed. We recommend using a dedicated test device for the testing.

What you will learn

  • A detailed working knowledge of Apple's iOS operating system's security architecture
  • A detailed working knowledge of common iOS app security defects
  • How to conduct static analysis of an iOS app to find common security defects
  • How to conduct dynamic analysis of an iOS app to find architectural and communications security defects
  • A fundamental knowledge of how security remediations can be implemented to prevent common security defects in iOS apps

Main Topics

  • Introduction to the problem
  • Platform security architecture
  • Application architecture
  • Jailbreaking
  • Dynamic analysis of the run-time
  • Bringing it all together