IOS App Pentest

Penetration Testing

Penetration Testing

For iOS Applications

NSLog (@”Hell

NSLog (@”Hell

o, OW

o, OW

ASP!”);

ASP!”);

•

•

About me!

About me!

•

•

 Jason Haddix  i

 Jason Haddix  i

"e

"e

#to" o$

#to" o$

Penet"at

Penet"at

ion

ion

%

%

estin

estin

g H

g H

P &o"ti

P &o"ti

$'

$'

•

•

&

&

o"me" Neten

o"me" Neten

gu'

gu'

•

•

u""ent *obile a

u""ent *obile a

nd W

nd W

eben gu'

eben gu'

•

•

•

&o"ti$' on emand does d'nami#

&o"ti$' on emand does d'nami#

testing $o" eb as, mobile, se#ial

testing $o" eb as, mobile, se#ial

"o.e#ts, ba/eo0s, et#1

"o.e#ts, ba/eo0s, et#1

•

3oug+ Agenda (e ill

dig"ess)

•

4ui#/ O5e"5ie o$ t+e iP+one

Plat$o"m

•

 %+"eat *odeling 6

 a"t'

ali#ations

•

7n5i"onment Setu

•

W+itebox Assessments

8la#/box Assessments

 %e#+ Sta#/

   9

   :

   :

   *

   H

  ;

   d

  u

  a

   l

  #

 <

  o

  "

  e

   A

   3

   *

   P

  "

  o

  #

  e

  s

  s

  o

  "

iOS ($o"/ o$ a"in ($o"/ o$ 8S)) Oe"atin g S'stem Language A3* 7xe#utabl es   J a  i  l  b "  e a  /

W+at does an iOS Ali#ation Loo/

Li/e

•

iOS Ali#ationsB

 – n e5eloment it+ Ale SC

D#odeB

• ist"ibuted as Dode P"o.e#t &olde"s  – omiled and delo'ed t+"oug+ t+e

a sto"eB

• omiled as A3*

• ist"ibuted as EFia” Gles

• i Gles #ontaining a "esou"#es and

A3* exe#utable

•

elo'ed as EFa” di"e#to"ies

7xe#utable #ode isB

 – en#"'ted it+ &ai"Pla' 3* (A7S)  – signed it+ Ale2s signatu"e

W+at does an iOS Ali#ation Loo/

Li/e

 %'es o$ iOS Ali#ations

•

Web Ali#ationsB

 –

H%*L = SS = Ja5aS#"it

3un inside Sa$a"iWeb/it

Nati5e Ali#ationsB

 –

W"itten in Ob.e#ti5e< (= ==)

 –

omiled into A3* $o" a#tual de5i#es,

Ob.e#ti5e<

Ob.e#ti5e< is a sue"set o$ , t+is

means all  #ode still aliesF

Ho do e %est



 _{%o di0e"ent a"oa#+es to testingB}



_{W+itebox testing}

 _{&ull in$o"mation and sou"#e #ode "o5ided}



_{8la#/box testing}

 _{No #ode o" in$o"mation "o5ided}

 _{Wo"/ing onl' it+ donloadable a}



 _{%+"ee a"eas to $o#us onB}

 _{Atta#/ t+e neto"/ #ommuni#ation}  _{Atta#/ t+e se"5e" #omonent}

 %+"eat *odeling 6

"d

 Pa"t' As



_{denti$' business ob.e#ti5es}



_{denti$' use" "oles t+at ill inte"a#t it+ t+e}

ali#ation

  _{%"a#/ +ig+e" and loe" "oles $un#tions}



_{denti$' t+e data t+e ali#ation ill}

maniulate

 _{P 5s Non<P}

 _{"edentials > a##ess}  _{W+e"e is it sto"ed}



_{W+at +aens i$ t+e use" loses +is P+one O"}

it2s stolen

3eminde"s



_{*an' as ill en#ode sensiti5e data, not}

en#"'tF Loo/ $o"B

 _8aseI  #-&#6d5#m4  _Hex  _{:I66I$QI}  _e#imal  Q R   R   ::  _*d  _{$d##6baaIdId96Qdeb99Q#$RR}  _SHA  _{baaIe#RbR6$6$:I9QQ:bI#$966beeI9$d9}

3eminde"s

 _{Neto"/ onne#tion Name}

 _{Ali#ation ata}

Ha"da"e 7n#"'tion and ** Will

Sa5e ?s!

 _{Ha"da"e en#"'tion in iOS onl'} alies +e"e se#iG#all' #alled and to mail and S*S

 _{Ce' to unen#"'t t+e data is} sto"ed in e0a#eable sto"ageF

 _{Ha"da"e en#"'tion it+out **} is sus#etible to b"ute $o"#e

atta#/s

 _{Q min to b"ea/ a  digit PN}

 _{Ha"da"e en#"'tion it+ **,} it+ "emote ie enabled, and long PN

 _{8est otion}

 %+e big ta/eaa' it+ iOS

7n#"'tion



_P+'si#al

a##ess ins!



_{Plus 'ou #an}

ala's ulls

some sue"

#ool s'

mo5es!

W+ite8ox 7n5i"onment Setu

 %ool ListB

  _{Tou" *a#B}

 _{D#ode (neest)}

 _{8uildanal'e#lang}  _{P"oe"t' List 7dito"}  _Plutil  _otool  _{nst"uments}  _{Wi"es+a"/%s+a"/1}  _net#at  _Nma  _{8u" Suite}  _&laGnde"  _{S4Lite *ange"}  _&u8

Anatom' o$ an Ali#ation in

iOS Sim

 _{S+o all GlesB de$aults "ite #omFaleF&inde" AleS+oAll&iles}

 T7S

 _{?se"sUuse"nameLib"a"'Ali#ation Suo"tiP+one}

Simulato"Ali#ationsUa

   _{./Documents  "oe"ties, logs}    _{./Library/Caches  #a#+e' t+ings}

   _{./Library/Caches/Snapshots  s#"eens+ots o$ 'ou" a}    _{./Library/Cookies  #oo/ie lists}

   _{./Library/Preferences  5a"ious "e$e"en#e lists}    _{./Library/WebKit  WebCit lo#al sto"age}

   _{./Appname.app  a "esou"#esB bina"', g"a+i#s, nibs,}

n$oFlist

W+itebox  lient<Side %esting

 _{denti$' H%%P(S) and eb se"5i#e ?3Ls}  _{Pa"se Web Se"5i#e &un#tions}

 _{denti$' &iles'stem nte"a#tion > ata Sto"age}  _{*anual Sou"#e #ode nse#tion}

Anal'ing > SA %ools



_{8uild and Anal'e}



_{&unnil' enoug+ D#ode +as a built in sou"#e}

#ode s#anne" $o"me"l' /non as LAN-F



_{+ttB#lang<anal'e"Fll5mFo"ga5ailableV#+e}

#/sF+tml



_{?se it to GndB}



_{memo"' lea/s}



_{a##essing uninitialied 5a"iables}

Anal'ing

SA

  _Fortify

_al"ead'

suo"ts 

lib"a"iesF

  _Fortify

_{Ob.e#ti5e<}

_&laGnde"

denti$'ing H%%P(S) and WS alls



_{Pa"se sou"#e #ode at+ $o" all ?3Ls and}

Web Se"5i#es t+e a is #allingB



_{ommand (di"t')B}

 _{g"e <" <a YBY U"o.e#tVat+ Z a/ <& Y+ttY [\"int}

UQ][ Zso"t u

 _{B "e"esents standa"d +tt}  sB is +tts #all

 _{O" in D<ode sea"#+ $o" B}

 _{Sin#e e2"e in sou"#e t+is ill gi5e us ?3Ls in}

denti$'ing H%%P(S) and WS alls

Pa"sing WSAP &un#tions

 _{&ollo u on inte"esting lin/s b' t"a#/ing don t+e Gle it}

aea"ed inB

 _{g"e <" <& EBinte"esting?3L”}

 _{Hoe$ull' doing t+is 'ou ill Gnd NS?"l  #onstant}

Pa"sing WSAP &un#tions

 _{No e #an t"a#/ don asso#iated -7%S and POS%S}

it+ Pa"amete"s, sea"#+ing $o" t+e #onstant5a"iable namesB

 _{No e +a5e a bette" maing o$ t+e WS and its #alls}  _{A5oid t+e Fs5n di"e#to"ies}

denti$'ing &ile S'stem and ata

Sto"age



_{iOS as use a 5a"iet' o$ met+ods $o"}

sto"age1 almost all o$ t+em su#/F

8asi#all' an' #"edential o" P sto"ed on

t+e #lient side is 9:^ o$ t+e time a

 _{8undled it+ D<#ode in Lion is nst"uments +i#+ e}

#an use to monito" t+e iOS simulato" and +at ou" ta"get ali#ation doesF Tou #an #oma"e it to se5e"al S'snte"nals toolsF %+e t'e o$ data it #an #atu"e

in#ludesB

 _{&ile A#ti5it' monito"ing}  _{*emo"' *onito"ing}

 _{P"o#ess *onito"ing  simila" to procmon}  _{Neto"/ *onito"ing  simila" to netmon}



 _{%+e tool #an be laun#+ed $"om t+e D#ode}

*enu < Oen e5eloe" %ool<

nst"uments

denti$'ing &ile S'stem and ata

Sto"age

denti$'ing &ile S'stem and ata

Sto"age



_{A"eas o$ inte"estB}



_Plists



_{S4Lite6 atabases}

_Ce'#+ain



 _{%em &iles}

denti$'ing &ile S'stem and ata

Sto"age

Plists



_{?sed b' iP+one to sto"e sa5ed "oe"ties and}

data

 _{8ina"' (#om"essed D*L) (de"e#iated)}



 _{%+e bina"' lists need #on5e"ting, 'ou #an}

useB

 _{lutil to #on5e"t to D*L}

 _{P"oe"t' List 7dito" (in Dode)}



_{lists #ontain all /inds o$ .ui#' in$o"mationF}

+e#/ $o"B

 _{oo/ies, emails, use"names, asso"ds, sensiti5e}

Plists



_{3un a in simulato", "o5ide #"edentials to}

e5e"'t+ing 'ou #an, use t+e a t+o"oug+l'F

  _%itte"  _&a#eboo/

Plists

 _{A bit about ?3LS#+emesB}

 _{Lo#ate n$oFlist GleF Oen it+ EP"oe"t' List} 7dito"” o"

 _{#on5e"t to D*LB plutil -conert !ml"}

#nfo.plist

 _{$he info.plist %ill &e'ne any custom}

Plists

PlutilB

S4Lite

 _{A lot o$ iOS ali#ations sensiti5e data in S4Lite6 databases}

on t+e de5i#eF

S4Lite

  _{%+e"e a"e extensions (73O is one, s_l#i+e" is anot+e") t+at}

suo"t en#"'tion, but t+e #ode is not ubli#l' a5ailable, 'ou

need to li#ense itF Ale +as not, so t+e in#luded 5e"sion o$ s_lite6 does not suo"t en#"'ted databasesF

 _{Still dange"ous to sto"e stu0 #lient sideF 75en it+ extensions 'ou}

#an "e5e"se out en#"'tion /e's () $"om t+e memo"' o$ a .ailb"o/en +one and de#"'t t+e databaseFo" b"ea/oint a$te" de#"'tion) to b'assB

 _{e"od is as simle as loo/ing $o" E#e"odBassd” o" b"ea/}

ointing and ulling out o$ memo"'B

 _{s_lite6Voen(YB#e"odBassdBGlenameFdbY, >db);}  _{+ttBF+a#iF#omss_lite#e"odF+tml}

Ce'+ain

 _{Ce'#+ain  7n#"'ted #ontaine" $o" sto"ing sensiti5e}

in$o"mation

 _{Sma"te" de5s sto"e asso"ds and sensiti5e data using}

t+e /e'#+ainF ?n$o"tunatel' it+ a##ess to a +one and .ailb"ea/ing e #an unen#"'t t+e /e'#+ain and dum t+e #ontentsF

 _{See +at 'ou a is using t+e C $o"B}

  _{g"e <" <& E/Se#Att"Y U"o.e#tVat+ Z g"e <5 Fs5n}

 _{O" ES&H&Ce'#+ain?tils”}

  _{%+"eat *odel t+is data1 We ill go o5e" bla#/box}

Side +annel ata Lea/age

 _{iOS as +a5e a numbe" o$ E$eatu"es” t+at #an be}

se#u"it' 5ulne"abilitiesF 

_{Logging &iles}

_a#+ing

_{&ile a#+ing}

_{Ce'boa"d a#+ing}

_{Snas+ot a#+ing}

_{liboa"d a#+ing}

Logging

 _{iOS Logs lots o$ data, NSLog ese#iall', %+e' #an be}

5ieed a$te" t+e $a#t inB

   _{(/Library/Lo)s/Crash*eporter/+obileDeice/,Deice}

name/priate/ar/lo)/system.lo)   _{Custom Lo))in)}

 SLo)

 _{g"e <" <& ENSLogY U"o.e#tVat+ Z g"e <5 Fs5n}  _{an be 5ieed in 'ou ma# E#onsole” a unde"}

&ile a#+ing

 _{$ t+e ali#ation uses P&, 7x#el, o" ot+e" Gles it ma'}

be ossible t+at t+ese Gles ma' +a5e been #a#+ed on t+e de5i#eF %+ese #an be $ound atB

 _{(/Library/Application Support/iPhone}

simulator/!.!.!/Applications/,application fol&er/Documents/temp.p&f 

Ce'boa"d a#+ing

 _{Ce'st"o/es $o" "edi#ti5e sell#+e#/ a"e sto"ed inB}  _{(/Library/Application Support/iPhone}

Simulator/!.!.!/Library/Keyboar&/&ynamic-te!t.&at

  _{%+is issue is simila" to autocomplete $o" eb}

b"ose"sF

 _{Al"ead' disabled $o" asso"d Gelds}

 _{S+ould be disabled $o" an' otentiall' sensiti5e Gelds}

(a##ount numbe"s, SSN, et#, et#1)

 _{Set ?%ext&ield "oe"t' auto#o""e#tion%'e }

Snas+ot a#+ing

 _{W+en in an ali#ation and t+e +ome button is us+ed,}

t+e ali#ation sto"es a snas+ot (s#"eens+ot) in t+e as snas+ot $olde"B

 _{`Lib"a"'Ali#ation Suo"tiP+one}

Simulato"xFxFxAli#ationsali#ation $olde"Lib"a"'a#+esSnas+ots

  _{%+ese e"sist until "ebootF}

 _{Hoe$ull' 'ou e"en2t on a s#"een it+ an' sensiti5e}

*anual Sou"#e 3e5ie

  _{Just some ointe"s, not $ull blon manual s#aB}

 _{nsu#ient t"anso"t  identi$' bad SSL}

 _n.e#tion

 _S4L

 _DSS

 _{&o"mat St"ing}  _L&

S4L n.e#tion lient<Side

8AB

NSSt"ing cs_l  NSSt"ing st"ingWit+&o"matB@YS7L7% name &3O* "odu#ts

WH737 id  [^@[Y, idM;

#onst #+a" c_ue"'  s_l ?%&9St"ingM;

-OOB

#onst #+a" cs_l  YS7L7% name &3O* "odu#ts WH737 id  Y; s_lite6V"ea"eV5Q(database, s_l, <, >s_lVstatement, N?LL); s_lite6VbindVtext(>s_lVstatement, , id, <, S4L%7V%3ANS7N%);

DSS lient<Side

• 3ende"s eb #ontent inside an ali#ation it+ eb/itB •  Ja5as#"it

• H%*L • P&

• O#e o#uments (DLS, PP%, O)

• iWo"/ o#uments (Pages, Numbe"s, Ce'note)

DSS lient<Side

an o##u" +ene5e" use" #ont"olled Ob.e#ti5e  5a"iables oulated in to WebKie

stringByEvaluatingJavaScriptFromString

NSSt"ing c .a5as#"it  NSSt"ing allo#M initWit+&o"matB@Y5a" m'5a"Y^@Y;Y, use"nameM;

m'ebKie

st"ing8'75aluatingJa5aS#"it&"omSt"ingB .a5as#"itM;

Ot+e" n.e#tion Atta#/s

L&2s B ?se" #ont"olled inut to

NS&ile*anage" #an lead to L&2s (FFFFFFFF)

&o"mat St"ing atta#/s1

&o"mat St"ing Atta#/s

5ulne"able ob.<# met+odsB

 NSLog()

 NSSt"ing st"ingWit+&o"matBM

 NSSt"ing initWit+&o"matBM

 NS*utableSt"ing aend&o"matBM

 NSAle"t in$o"mati5e%extWit+&o"matBM

 NSP"edi#ate "edi#ateWit+&o"matBM

 NS7x#etion $o"matBM

 NS3unAle"tPanel

W+itebox  Neto"/ > Se"5e"

 %esting

 _{nsu#ient %"anso"t}  _{P"ox' Simulato"}

 _{SSL +e#/ing}

 _{Pulling items out o$ st"eams}  _{Web Se"5i#e %esting}

P"ox'ing %+e Simulato"

P"ox'ing %+e Simulato"

 _{Neto"/ < Ad5an#ed < P"oxies < Web P"ox' >}

P"ox'ing %+e Simulato"

 _{SSL Su#/s (}  _{-et 8u" #e"t}

 _{iOS simulato" needs t+e #e"t sto"ed in t+e}

~!i"rary#pplication SupportiPhone Simulator$SD% version&!i"rary%eychains  di"e#to"' on 'ou" *a#

 _{?se 't+on s#"it b' -ot+am igital S#ien#e to add t+e}

#e"t to t+e dbB

 _{+ttsBgit+ubF#om-SSe#u"it'}

Add<%"usted<e"tiG#ate<to<iOS<Simulato"

8la#/box lient<Side %esting

 _{denti$' ali#ation di"e#to"ies}  _{Obtain a}

 _{Pa"se out some se"5e" in$o"mation}  _{nstall "ox' #e"tiG#ate on +one}  _{P"ox' +one}

8la#/box 7n5i"onment Setu

 %ool ListB

  _{Tou" P+oneB}

  _Jailb"ea/

 _{osVanal'eFl}

 _{*a#<"obbe" and logQtimeline}  _{ommand Line Cnoledge}  _{"a#/ulous, a#"a#/}  _{Asit#+}  _'#"it 

 _{Tou" PB}

 Jailb"ea/ing a e5i#e

 Jailb"ea/ing is t+e a#t o$ using an exloit

(o" a #ombination o$ exloits) on t+e

ide5i#e to b"ea/ out o$ t+e ios .ail and

allo $o" #ustom a##ess to t+e +ones

OSF

*ala"e #an do t+is silentl'1

8a#/ to &"ee8S!

 Jailb"ea/ing a e5i#e

onsume" le5el .ailb"ea/s automagi#all' set

u SSH

?se"nameB "oot

Passo"dB aline

&ind 'ou" +ones P $"om t+e Settings < WiG

< mo"e otions menu

nstalling e"t on e5i#e

• 7xo"t bu" F#e" Gle • 7mail to 'ou"sel$ 

a##ess using sa$a"i

Obtain A

8la#/8oxB

 _{-et $"om a sto"e o" #ustome" ad<+o# dist"ibutionB}

 _{A Sto"e bina"ies a"e en#"'ted}

 _{*anual de#"'tion}

 _{?se debugge", b"ea/oint 7P, let loade" de#"'t, dum}

de#"'ted image  +ttB d5labsFtiingointF#omblogQ::R:6:I"e5e"se<enginee"ing<i+on e<asto"e<bina"ies  +ttBauldot#omF#omi/iindexF+7isodeQQI  _Automated

 _{"a#/ulous o" A"a#/}

 _{Automate "emo5ing 3*}

 _{an be t"ans$e""ed beteen de5i#es}

denti$' A i"e#to"ies



₆

 _{a"t' Ali#ations a"e sto"ed inB}

Pa"sing Out Se"5e" alls



_{St"ings and g"e!}

_{uni Fia Gles}



_{&inds all t+e st"ings in t+e a bina"'B}



_{loo/s $o" ?3Ls, +ostnames, ?3L a"ts and}

$un#tion names



_{Not ex+austi5e, +itebox met+ods gi5e 'ou}

mo"eF

*onito"ing t+e &ile S'stem

 _{So +at i$ a Gle is #"eated $o" temo"a"' sto"age and}

t+en deleted

 _*a#<"obbe"

Ema#<"obbe" is a digital in5estigation tool t+at #olle#ts data $"om allo#ated Gles in a mounted Gle s'stemF %+is is use$ul du"ing in#ident "esonse +en anal'ing a li5e s'stem o" +en anal'ing a dead s'stem in a labF %+e data #an be used b'

t+e ma#time tool in %+e Sleut+ Cit to ma/e a timeline o$ Gle a#ti5it'F %+ema#<

"obbe" tool is based on t+e g"a5e<"obbe" tool $"om %% and is "itten in  instead o$ Pe"lF

Log *onito"ing

  _{Tou #an #omile #ustom  #ode to inte"$a#e it+ ales}

s'slogd (ASL) o"1

Side +annel ata lea/age

 _{All t+e tests a"e t+e same ex#et t+e' no mo5e onto}

*entioning Ad5an#ed %esting

 %e#+ni_ues

 _{3emote *emo"' uming}

 _{A P"o 3emote ebugging it+ -8}

 _{uming t+e iOS Ce'#+ain}

 _{*aing Hoo/ing t+e Ob.e#ti5e< 3untime to b'ass}

se#u"it' #ont"ols

 _{lass<dum<}  _'#"it

 _{Sol5ing SSL P"ox' ssues}  _{SSL St"i in 8u"}

 _*allo"'

*emo"' uming

 _{A Suo"ts "emote debugging, in otions 'ou #an}

setu a "emote -8 se"5e"

 _{Sta"t -8 on t+e i+oneB}

 _{e5eloe"us"bin Fdebugse"5e" UPBo"t Ua}

C

C

e'#+ain

e'#+ain

ume"

ume"



 _{uming t+e CBuming t+e CB}



 _{+ttsBgit+ubF#om+ttsBgit+ubF#omtoome'6Ctoome'6Ce'#+ain<ume"e'#+ain<ume"}



 _{omileomile}



 _{Pus+ /e'#+ainVdume" to iOS de5i#ePus+ /e'#+ainVdume" to iOS de5i#e}



 _{?se /e'#+ainVdume" to exo"t all t+e "e_ui"ed entitlements?se /e'#+ainVdume" to exo"t all t+e "e_ui"ed entitlements}



 _{?se ldid to sign t+ese entitlements into /e'#+ainVdume"?se ldid to sign t+ese entitlements into /e'#+ainVdume"}



 _{3e"un /e'#+ainVdume" to dum all a##essible /e'#+ain items3e"un /e'#+ainVdume" to dum all a##essible /e'#+ain items}

+ttBlabsFneo+asisF#omQ:Q:Q/e'#

'#"it

'#"it



 _{'#"it is an imlementation o$ Ja5aS#"it t+at #an'#"it is an imlementation o$ Ja5aS#"it t+at #an}

inte"a#t it+ Ob.e#ti5e< #lasses and ob.e#tsF One o$ inte"a#t it+ Ob.e#ti5e< #lasses and ob.e#tsF One o$ t+e most use$ul $un#tions o$ '#"it is its abilit' to t+e most use$ul $un#tions o$ '#"it is its abilit' to atta#+ di"e#tl' to a "o#ess, mu#+ li/e

atta#+ di"e#tl' to a "o#ess, mu#+ li/e gd",gd", and alte"and alte" t+e state o$ t+e

t+e state o$ t+e "unning ali#ationF Wi"unning ali#ationF Wit+ '#"it, 'out+ '#"it, 'ou #an maniulate existing ob.e#ts al"ead' in 'ou"

#an maniulate existing ob.e#ts al"ead' in 'ou"

ali#ation2s memo"', o" instantiate ne ob.e#ts, su#+ ali#ation2s memo"', o" instantiate ne ob.e#ts, su#+ as ne 5ie

as ne 5ie #ont"olle#ont"olle" #lasses o" " #lasses o" indosFindosF



 _{'#"it #an a##ess and #+ange instan#e 5a"iables'#"it #an a##ess and #+ange instan#e 5a"iables}

di"e#tl', send and inte"#et messages, a##ess t+e "un di"e#tl', send and inte"#et messages, a##ess t+e "un loo, o5e""ide met+ods, and al/ t+"oug+ an

loo, o5e""ide met+ods, and al/ t+"oug+ an ob.e#t2sob.e#t2s inte"nal met+ods, "oe"ties, and instan#e 5a"iablesF inte"nal met+ods, "oe"ties, and instan#e 5a"iablesF '#"it #an be used to

'#"it #an be used to easil' +i.a#/ and maniulateeasil' +i.a#/ and maniulate oo"l' "itten ali#ations to

oo"l' "itten ali#ations to bypass authenticationbypass authentication

screens

screens, #i"#um5ent sanit' #+e#/s, and e"$o"m a, #i"#um5ent sanit' #+e#/s, and e"$o"m a numbe" o$ ot+e" +a#/ing a#ti5ities to ma/e an

P"

P"

o

o

x' 

x' 

ssue

ssue

s

s



 _{We all lo5e 8u" 8?% 'ou ill "un into "oblemsWe all lo5e 8u" 8?% 'ou ill "un into "oblems}

sometimesF sometimesF



 _{St"i#t en$o"#ing o$ SSLSt"i#t en$o"#ing o$ SSL}



 _{"a' iOS and Simulato" "oblems"a' iOS and Simulato" "oblems}



 _{ong"ade H%%PS to H%%P in bu"ong"ade H%%PS to H%%P in bu"}

+e#/box unde" "ox'

+e#/box unde" "ox'



 _{NS 8la#/HolingNS 8la#/Holing} 

 _{W+at about non H%%P and H%%PS "oto#ols t+atW+at about non H%%P and H%%PS "oto#ols t+at}

ali#ations mig+t use ali#ations mig+t use



 _{*allo"' %P nte"#etion "ox'*allo"' %P nte"#etion "ox'}



Se"5e" Side ssues

 _{Se"5e" SideB}

 _{Web test  eb se"5i#e test}

 _{We /no t+e eb $un#tions}

  _{%"' to Gnd t+e deGnitions $o" unublis+ed ones}

 _n.e#tions

Ho #an 'ou get sta"ted

 _{*ost o$ t+e simle 5ulns e +a5e}

dis#ussed toda' #an be done as

examles in OWASPs i-oat Ali#ationB

 _{We +a5e added 6 ne exe"#isesB}  _{&o"mat st"ing in.e#tion}

 _{Plist data dis#losu"e}

 _DSS

 _{ode not in t"un/ 'et ( Will be t+e"e soon!}