"A false sense of security is worse than being unsure" | ||
--Anonymous |
In the previous chapter, we set up a lab to perform pentesting on iOS applications. We now have a good understanding of how to install third-party iOS apps, transfer files, and various other concepts about tools and utilities that are required to pentest. In this chapter, we will take a look at the insecure data storage vulnerability of iOS applications.
We will look at the following topics:
Introduction to insecure data storage
Installing third-party applications
Insecure data in the plist files
Insecure storage in the NSUserDefaults class
Insecure storage in SQLite database
SQL injection in iOS applications
Insecure storage in Core Data
Insecure storage in keychain