Hacking and Securing iOS Applications. Stealing Data, Hijacking Software, and How to Prevent It
- Author: Jonathan Zdziarski
- Pages: 358
- Available formats: ePub, Mobi
Ebook description: Hacking and Securing iOS Applications. Stealing Data, Hijacking Software, and How to Prevent It
If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.
This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.
- Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
- Learn how attackers infect apps with malware through code injection
- Discover how attackers defeat iOS keychain and data-protection encryption
- Use a debugger and custom code injection to manipulate the runtime Objective-C environment
- Prevent attackers from hijacking SSL sessions and stealing traffic
- Securely delete files and design your apps to prevent forensic data leakage
- Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Ebook details
- Ebook ISBN: 978-14-493-2523-7, 9781449325237
- Ebook release date: 2012-01-17. The ebook release date is often the day the title went on sale and may not match the release date of the print edition.
- Publication language: English
- ePub file size: 3.7MB
- Mobi file size: 9.1MB
Ebook table of contents
- Hacking and Securing iOS Applications
- SPECIAL OFFER: Upgrade this ebook with O'Reilly
- Preface
- Audience of This Book
- Organization of the Material
- Conventions Used in This Book
- Using Code Examples
- Legal Disclaimer
- Safari Books Online
- How to Contact Us
- 1. Everything You Know Is Wrong
- The Myth of a Monoculture
- The iOS Security Model
- Components of the iOS Security Model
- Device security
- Data security
- Network security
- Application security
- Storing the Key with the Lock
- Passcodes Equate to Weak Security
- Forensic Data Trumps Encryption
- External Data Is at Risk, Too
- Hijacking Traffic
- Data Can Be Stolen...Quickly
- Trust No One, Not Even Your Application
- Physical Access Is Optional
- Summary
- I. Hacking
- 2. The Basics of Compromising iOS
- Why It's Important to Learn How to Break Into a Device
- Jailbreaking Explained
- Developer Tools
- End User Jailbreaks
- Jailbreaking an iPhone
- DFU Mode
- Tethered Versus Untethered
- Compromising Devices and Injecting Code
- Building Custom Code
- Analyzing Your Binary
- Basic disassembly
- Listing dynamic dependencies
- Symbol table dumps
- String searches
- Testing Your Binary
- Daemonizing Code
- Deploying Malicious Code with a Tar Archive
- Grabbing signed binaries
- Preparing the archive
- Deploying the archive
- Deploying Malicious Code with a RAM Disk
- Build a custom launchd
- Breakdown of launchd example
- Building a RAM disk
- Booting a RAM disk
- Troubleshooting
- Exercises
- Summary
- 3. Stealing the Filesystem
- Full Disk Encryption
- Solid State NAND
- Disk Encryption
- Filesystem Encryption
- Protection classes
- Where iOS Disk Encryption Has Failed You
- Copying the Live Filesystem
- The DataTheft Payload
- Disabling the watchdog timer
- Bringing up USB connectivity
- Payload code
- Customizing launchd
- Preparing the RAM disk
- Imaging the Filesystem
- Copying the Raw Filesystem
- The RawTheft Payload
- Payload code
- Customizing launchd
- Preparing the RAM disk
- Imaging the Filesystem
- Exercises
- The Role of Social Engineering
- Disabled Device Decoy
- Deactivated Device Decoy
- Malware Enabled Decoy
- Password Engineering Application
- Summary
- 4. Forensic Trace and Data Leakage
- Extracting Image Geotags
- Consolidated GPS Cache
- SQLite Databases
- Connecting to a Database
- SQLite Built-in Commands
- Issuing SQL Queries
- Important Database Files
- Address Book Contacts
- Putting it all together
- Address Book Images
- Google Maps Data
- Calendar Events
- Call History
- Email Database
- Mail attachments and message files
- Notes
- Photo Metadata
- SMS Messages
- Safari Bookmarks
- SMS Spotlight Cache
- Safari Web Caches
- Web Application Cache
- WebKit Storage
- Voicemail
- Reverse Engineering Remnant Database Fields
- SMS Drafts
- Property Lists
- Important Property List Files
- Other Important Files
- Summary
- 5. Defeating Encryption
- Sogeti's Data Protection Tools
- Installing Data Protection Tools
- Building the Brute Forcer
- Building Needed Python Libraries
- Extracting Encryption Keys
- The KeyTheft Payload
- Customizing Launchd
- Preparing the RAM disk
- Preparing the Kernel
- Executing the Brute Force
- Decrypting the Keychain
- Decrypting Raw Disk
- Decrypting iTunes Backups
- Defeating Encryption Through Spyware
- The SpyTheft Payload
- Daemonizing spyd
- Customizing Launchd
- Preparing the RAM disk
- Executing the Payload
- Exercises
- Summary
- 6. Unobliterating Files
- Scraping the HFS Journal
- Carving Empty Space
- Commonly Recovered Data
- Application Screenshots
- Deleted Property Lists
- Deleted Voicemail and Voice Recordings
- Deleted Keyboard Cache
- Photos and Other Personal Information
- Summary
- 7. Manipulating the Runtime
- Analyzing Binaries
- The Mach-O Format
- Introduction to class-dump-z
- Symbol Tables
- Encrypted Binaries
- Calculating Offsets
- Dumping Memory
- Copy Decrypted Code Back to the File
- Resetting the cryptid
- Abusing the Runtime with Cycript
- Installing Cycript
- Using Cycript
- Breaking Simple Locks
- Replacing Methods
- Trawling for Data
- Instance variables
- Methods
- Classes
- Logging Data
- More Serious Implications
- Personal data vaults
- Payment processing applications
- Electronic banking
- Exercises
- SpringBoard Animations
- Call Tapping...Kind Of
- Making Screen Shots
- Summary
- 8. Abusing the Runtime Library
- Breaking Objective-C Down
- Instance Variables
- Methods
- Method Cache
- Disassembling and Debugging
- Eavesdropping
- The Underlying Objective-C Framework
- Interfacing with Objective-C
- Malicious Code Injection
- The CodeTheft Payload
- Injection Using a Debugger
- Injection Using Dynamic Linker Attack
- Full Device Infection
- Summary
- 9. Hijacking Traffic
- APN Hijacking
- Payload Delivery
- Removal
- Simple Proxy Setup
- Attacking SSL
- SSLStrip
- Paros Proxy
- Browser Warnings
- Attacking Application-Level SSL Validation
- The SSLTheft Payload
- Hijacking Foundation HTTP Classes
- The POSTTheft Payload
- Analyzing Data
- Driftnet
- Building
- Running
- Exercises
- Summary
- II. Securing
- 10. Implementing Encryption
- Password Strength
- Beware Random Password Generators
- Introduction to Common Crypto
- Stateless Operations
- Stateful Encryption
- Master Key Encryption
- Geo-Encryption
- Geo-Encryption with Passphrase
- Split Server-Side Keys
- Securing Memory
- Wiping Memory
- Public Key Cryptography
- Exercises
- 11. Counter Forensics
- Secure File Wiping
- DOD 5220.22-M Wiping
- Objective-C
- Wiping SQLite Records
- Keyboard Cache
- Randomizing PIN Digits
- Application Screenshots
- 12. Securing the Runtime
- Tamper Response
- Wipe User Data
- Disable Network Access
- Report Home
- Enable Logging
- False Contacts and Kill Switches
- Process Trace Checking
- Blocking Debuggers
- Runtime Class Integrity Checks
- Validating Address Space
- Inline Functions
- Complicating Disassembly
- Optimization Flags
- Stripping
- They're Fun! They Roll! -funroll-loops
- Exercises
- 13. Jailbreak Detection
- Sandbox Integrity Check
- Filesystem Tests
- Existence of Jailbreak Files
- Size of /etc/fstab
- Evidence of Symbolic Linking
- Page Execution Check
- 14. Next Steps
- Thinking Like an Attacker
- Other Reverse Engineering Tools
- Security Versus Code Management
- A Flexible Approach to Security
- Other Great Books
- About the Author
- SPECIAL OFFER: Upgrade this ebook with O'Reilly