Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It (Paperback)

Jonathan Zdziarski

Product description

If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

  • Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
  • Learn how attackers infect apps with malware through code injection
  • Discover how attackers defeat iOS keychain and data-protection encryption
  • Use a debugger and custom code injection to manipulate the runtime Objective-C environment
  • Prevent attackers from hijacking SSL sessions and stealing traffic
  • Securely delete files and design your apps to prevent forensic data leakage
  • Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
