In iOS, app pentesting has two parts; one is the pentesting app on a device and the second part is assessing backend web APIs. You have studied one of the important concept of intercepting an iOS application's network traffic on iDevice and iOS Simulator for HTTP and HTTPS. Now, you are good to perform web application attacks for an iOS application's backend components.
In the next chapter, you will study how an iOS application leaks sensitive information via side channels and how to identify them.