Book Image

Learning iOS Penetration Testing

By : Yermalkar
Book Image

Learning iOS Penetration Testing

By: Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (11 chapters)
10
Index

Hardening binary against reverse engineering


So, we studied how to reverse engineer the iOS app to view its source code. Now, the important aspect is try not to store the keys and hardcoded sensitive values at client side. Always try to store the keys at server side rather than hardcoding them in the code.

If it's not much feasible, avoid using key strings as the password, key and so on. Most of the source code analysis tools use regex to find the sensitive information.

The following is a sample Python regex:

USERNAME - (user|username|login)(\s)*=(\s)*('|")
PASSWORD - (pass|password|key)(\s)*=(\s)*('|")

Using the preceding regex expression, one can easily find out the hardcoded sensitive fields in the code. As a developer, never rely on a single technique and make use of multiple techniques to harden the iOS binary.