How to Protect Data in Your iOS Application

715 views

Learn to protect data and reduce the likelihood of it being compromised by an attacker. Knowing how data is stored, processed, transmitted, and destroyed goes a long way in keeping it safe.

Published in: Technology

  1. How to Protect Data in Your iOS Application
  2. In most mobile applications, data is the thing that’s of most interest to an attacker.
  3. As such, it’s crucial to look at how your data is received, processed, transmitted, and ultimately destroyed.
  4. By considering the following general design principles, you can protect data within your application and reduce the likelihood of it being intercepted or compromised by an attacker.
  5. How data is stored in the application
  6. The best approach to data storage is to avoid storing data at all. Unfortunately, this is not feasible for many applications.
  7. As part of the design process, you should always consider what data your application handles and how you can best reduce the amount of data that is stored. How and where the data is stored is another important consideration.
  8. How and when data should be available
  9. You need to consider what states will exist and what data should be accessible in those states. For example, if your application handles cryptographic key material, it should typically not be accessible or memory resident when the application is in a locked state, and should only be made available following user authentication.
  10. Creating a design plan showing the different state transitions, and what data should be accessible in each, will help you to reduce the exposure of data within your application.
  11. How access to the application will be protected
  12. If your application is handling particularly important data, such as financial or corporate data, consider implementing client-side authentication. Forcing a user to authenticate can offer some mitigation against unauthorized access in the event a device is lost or stolen.
  13. Where possible, you should also combine it with authentication via iOS’ LocalAuthentication framework and TouchID, which can offer validation that the user is physically present, providing no tampering has taken place.
  14. What entry points exist
  15. Identifying the entry points to your application at an early stage can help you recognize areas where potentially tainted data may be introduced. Armed with this information, you can define the types and format of the data that can enter your application, building appropriate sanitization rules to parse this data along the way.
  16. How third-party components affect the application
  17. An often unexplored design consideration is the impact and security of any third-party libraries that you might be using.
  18. Using third-party libraries grants the library developer the equivalent of code execution within your application, as well as access to your application’s data. This has led to many instances of abuse in the past.
  19. With a little thought and a carefully constructed design plan, you can preempt common vulnerabilities before development. For more on writing secure iOS applications, check out The Mobile Application Hacker’s Handbook by Dominic Chell, Tyrone Erasmus, Shaun Colley, and Ollie Whitehouse.
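
One way to enforce slides 9 and 13 together, as an added Swift example that is not from the slides or the book: the key sits in the iOS Keychain behind a user-presence access control, so it is released only after authentication and is memory resident only while the application is unlocked. `KeyVault` and the account string are hypothetical names, and using the Keychain as the store is an assumption of this example.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical helper (not from the slides): keeps key material in the
// Keychain behind a user-presence check and in memory only while unlocked.
final class KeyVault {
    enum VaultError: Error { case accessControl, keychain(OSStatus) }

    private let account = "com.example.app.master-key" // constructed placeholder
    private var key: Data?                              // resident only when unlocked

    private var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrAccount as String: account]
    }

    // Store the key so the Keychain releases it only after biometrics or the
    // device passcode succeed, and never migrates it to another device.
    func store(_ newKey: Data) throws {
        guard let acl = SecAccessControlCreateWithFlags(
            nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
            .userPresence, nil) else { throw VaultError.accessControl }
        SecItemDelete(baseQuery as CFDictionary) // replace any earlier item
        var attrs = baseQuery
        attrs[kSecAttrAccessControl as String] = acl
        attrs[kSecValueData as String] = newKey
        let status = SecItemAdd(attrs as CFDictionary, nil)
        guard status == errSecSuccess else { throw VaultError.keychain(status) }
    }

    // Locked -> unlocked: the Keychain read itself triggers authentication,
    // so there is no app-side "isAuthenticated" flag to tamper with.
    func unlock(reason: String) throws {
        let context = LAContext()
        context.localizedReason = reason
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecUseAuthenticationContext as String] = context
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let data = result as? Data else {
            throw VaultError.keychain(status)
        }
        key = data
    }

    // Unlocked -> locked: best-effort overwrite, then drop the in-memory copy.
    func lock() {
        if let count = key?.count { key?.resetBytes(in: 0..<count) }
        key = nil
    }
}
```

Calling `lock()` from the app delegate's background transition and `unlock(reason:)` on return to the foreground maps the two methods onto the state transitions of slide 10.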
