AppSec Europe 2016

Hacking and Securing iOS Applications" is a one day course focused on learning how to successfully perform a Security Assessment of modern and complex iOS Applications and provide appropriate remediations for all the vulnerabilities found. This highly practical course is designed around the security issues that were often observed by the trainers during their application security assessments. This up-to-date training will be also very useful for all the iOS developers that want to know the security best-practices that are mandatory to build an application that should be able to face modern threats. Attendees will get familiar with the following topics during the class (mostly based on the OWASP Top Ten): - A thorough overview about the iOS security model, updated to iOS 9; - How to setup a lab with all the tools needed to successfully perform iOS security assessments; - Checking for local storage vulnerabilities and learning on how to correctly save sensitive files on the device; - How to check and prevent unintended data leakages; - How to safely implement SSL Pinning and check for the most common SSL vulnerabilities; - How to take advantage of some of the most useful security assessment tools through practical examples (Frida, Cycript, Snoop-it, idb, etc.) - How to obfuscate iOS code and implement appropriate checks to detect jailbroken devices; - How to reverse engineering iOS applications and acquire knowledge about the inner details of the target application.