Chapter 3. Identifying the Flaws in Local Storage
"A false sense of security is worse than being unsure" | ||
--Anonymous |
In the previous chapter, we set up a lab to perform pentesting on iOS applications. We now have a good understanding of how to install third-party iOS apps, transfer files, and various other concepts about tools and utilities that are required to pentest. In this chapter, we will take a look at the insecure data storage vulnerability of iOS applications.
We will look at the following topics:
- Introduction to insecure data storage
- Installing third-party applications
- Insecure data in the plist files
- Insecure storage in the NSUserDefaults class
- Insecure storage in SQLite database
- SQL injection in iOS applications
- Insecure storage in Core Data
- Insecure storage in keychain