Guidelines on mobile application security – iOS edition
In this e-book you will find good practices and guidelines for securing iOS applications. We describe in detail not only the most vulnerable areas but also how to protect them.
This guide was written for developers who are interested in iOS app security. Based on our experience, it addresses subjects that are often troublesome and frequently encountered in pentests. Each chapter includes a thorough overview of a problem as well as current best practices, code samples, and implementation guidance. At the end of each chapter, we provide a list of key issues to concentrate on when developing high-risk mobile applications, for example applications that process financial, private, or personal data.
Topics covered in this guide:
- Secure secrets storage on iOS
- Secure networking on iOS
- Implementing secure WebView iOS applications
- Reverse Engineering protections
- Local authorization
Keep in mind that both security mechanisms and attack techniques are constantly evolving, so developers and security professionals alike should stay alert and keep their knowledge of current best practices and standards up to date.
In addition, a good and secure SDLC process should include Threat Modelling at the beginning and Penetration Testing at the end.
We also recommend following us on social media to keep up to date with current security issues.
If you have any comments, a change request, want to provide any feedback, or help with future development of this document, please don’t hesitate to use our contact form.
Head of Mobile Security