Hacking and Securing iOS Applications. Stealing Data, Hijacking Software, and How to Prevent It
- Author: Jonathan Zdziarski
- Pages: 358
- Available formats: ePub, Mobi
Ebook description: Hacking and Securing iOS Applications. Stealing Data, Hijacking Software, and How to Prevent It
If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.
This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.
- Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
- Learn how attackers infect apps with malware through code injection
- Discover how attackers defeat iOS keychain and data-protection encryption
- Use a debugger and custom code injection to manipulate the runtime Objective-C environment
- Prevent attackers from hijacking SSL sessions and stealing traffic
- Securely delete files and design your apps to prevent forensic data leakage
- Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Polish edition: Łamanie i zabezpieczanie aplikacji w systemie iOS
- Author: Jonathan Zdziarski
Ebook details
- Ebook ISBN: 978-14-493-2523-7, 9781449325237
- Ebook release date: 2012-01-17 (the ebook release date is often the day the title went on sale and may not match the release date of the print book)
- Publication language: English
- ePub file size: 3.7MB
- Mobi file size: 9.1MB
Ebook table of contents
- Hacking and Securing iOS Applications
- SPECIAL OFFER: Upgrade this ebook with O'Reilly
- Preface
- Audience of This Book
- Organization of the Material
- Conventions Used in This Book
- Using Code Examples
- Legal Disclaimer
- Safari Books Online
- How to Contact Us
- 1. Everything You Know Is Wrong
- The Myth of a Monoculture
- The iOS Security Model
- Components of the iOS Security Model
- Device security
- Data security
- Network security
- Application security
- Storing the Key with the Lock
- Passcodes Equate to Weak Security
- Forensic Data Trumps Encryption
- External Data Is at Risk, Too
- Hijacking Traffic
- Data Can Be Stolen...Quickly
- Trust No One, Not Even Your Application
- Physical Access Is Optional
- Summary
- I. Hacking
- 2. The Basics of Compromising iOS
- Why It's Important to Learn How to Break Into a Device
- Jailbreaking Explained
- Developer Tools
- End User Jailbreaks
- Jailbreaking an iPhone
- DFU Mode
- Tethered Versus Untethered
- Compromising Devices and Injecting Code
- Building Custom Code
- Analyzing Your Binary
- Basic disassembly
- Listing dynamic dependencies
- Symbol table dumps
- String searches
- Testing Your Binary
- Daemonizing Code
- Deploying Malicious Code with a Tar Archive
- Grabbing signed binaries
- Preparing the archive
- Deploying the archive
- Deploying Malicious Code with a RAM Disk
- Build a custom launchd
- Breakdown of launchd example
- Building a RAM disk
- Booting a RAM disk
- Troubleshooting
- Exercises
- Summary
- 3. Stealing the Filesystem
- Full Disk Encryption
- Solid State NAND
- Disk Encryption
- Filesystem Encryption
- Protection classes
- Where iOS Disk Encryption Has Failed You
- Copying the Live Filesystem
- The DataTheft Payload
- Disabling the watchdog timer
- Bringing up USB connectivity
- Payload code
- Customizing launchd
- Preparing the RAM disk
- Imaging the Filesystem
- Copying the Raw Filesystem
- The RawTheft Payload
- Payload code
- Customizing launchd
- Preparing the RAM disk
- Imaging the Filesystem
- Exercises
- The Role of Social Engineering
- Disabled Device Decoy
- Deactivated Device Decoy
- Malware Enabled Decoy
- Password Engineering Application
- Summary
- 4. Forensic Trace and Data Leakage
- Extracting Image Geotags
- Consolidated GPS Cache
- SQLite Databases
- Connecting to a Database
- SQLite Built-in Commands
- Issuing SQL Queries
- Important Database Files
- Address Book Contacts
- Putting it all together
- Address Book Images
- Google Maps Data
- Calendar Events
- Call History
- Email Database
- Mail attachments and message files
- Notes
- Photo Metadata
- SMS Messages
- Safari Bookmarks
- SMS Spotlight Cache
- Safari Web Caches
- Web Application Cache
- WebKit Storage
- Voicemail
- Reverse Engineering Remnant Database Fields
- SMS Drafts
- Property Lists
- Important Property List Files
- Other Important Files
- Summary
- 5. Defeating Encryption
- Sogeti's Data Protection Tools
- Installing Data Protection Tools
- Building the Brute Forcer
- Building Needed Python Libraries
- Extracting Encryption Keys
- The KeyTheft Payload
- Customizing Launchd
- Preparing the RAM disk
- Preparing the Kernel
- Executing the Brute Force
- Decrypting the Keychain
- Decrypting Raw Disk
- Decrypting iTunes Backups
- Defeating Encryption Through Spyware
- The SpyTheft Payload
- Daemonizing spyd
- Customizing Launchd
- Preparing the RAM disk
- Executing the Payload
- Exercises
- Summary
- 6. Unobliterating Files
- Scraping the HFS Journal
- Carving Empty Space
- Commonly Recovered Data
- Application Screenshots
- Deleted Property Lists
- Deleted Voicemail and Voice Recordings
- Deleted Keyboard Cache
- Photos and Other Personal Information
- Summary
- 7. Manipulating the Runtime
- Analyzing Binaries
- The Mach-O Format
- Introduction to class-dump-z
- Symbol Tables
- Encrypted Binaries
- Calculating Offsets
- Dumping Memory
- Copy Decrypted Code Back to the File
- Resetting the cryptid
- Abusing the Runtime with Cycript
- Installing Cycript
- Using Cycript
- Breaking Simple Locks
- Replacing Methods
- Trawling for Data
- Instance variables
- Methods
- Classes
- Logging Data
- More Serious Implications
- Personal data vaults
- Payment processing applications
- Electronic banking
- Exercises
- SpringBoard Animations
- Call Tapping...Kind Of
- Making Screen Shots
- Summary
- 8. Abusing the Runtime Library
- Breaking Objective-C Down
- Instance Variables
- Methods
- Method Cache
- Disassembling and Debugging
- Eavesdropping
- The Underlying Objective-C Framework
- Interfacing with Objective-C
- Malicious Code Injection
- The CodeTheft Payload
- Injection Using a Debugger
- Injection Using Dynamic Linker Attack
- Full Device Infection
- Summary
- 9. Hijacking Traffic
- APN Hijacking
- Payload Delivery
- Removal
- Simple Proxy Setup
- Attacking SSL
- SSLStrip
- Paros Proxy
- Browser Warnings
- Attacking Application-Level SSL Validation
- The SSLTheft Payload
- Hijacking Foundation HTTP Classes
- The POSTTheft Payload
- Analyzing Data
- Driftnet
- Building
- Running
- Exercises
- Summary
- II. Securing
- 10. Implementing Encryption
- Password Strength
- Beware Random Password Generators
- Introduction to Common Crypto
- Stateless Operations
- Stateful Encryption
- Master Key Encryption
- Geo-Encryption
- Geo-Encryption with Passphrase
- Split Server-Side Keys
- Securing Memory
- Wiping Memory
- Public Key Cryptography
- Exercises
- 11. Counter Forensics
- Secure File Wiping
- DOD 5220.22-M Wiping
- Objective-C
- Wiping SQLite Records
- Keyboard Cache
- Randomizing PIN Digits
- Application Screenshots
- 12. Securing the Runtime
- Tamper Response
- Wipe User Data
- Disable Network Access
- Report Home
- Enable Logging
- False Contacts and Kill Switches
- Process Trace Checking
- Blocking Debuggers
- Runtime Class Integrity Checks
- Validating Address Space
- Inline Functions
- Complicating Disassembly
- Optimization Flags
- Stripping
- They're Fun! They Roll! -funroll-loops
- Exercises
- 13. Jailbreak Detection
- Sandbox Integrity Check
- Filesystem Tests
- Existence of Jailbreak Files
- Size of /etc/fstab
- Evidence of Symbolic Linking
- Page Execution Check
- 14. Next Steps
- Thinking Like an Attacker
- Other Reverse Engineering Tools
- Security Versus Code Management
- A Flexible Approach to Security
- Other Great Books
- About the Author
- SPECIAL OFFER: Upgrade this ebook with O'Reilly