3rd party iOS applications are a tricky animal. In contrast to Android applications written in a language like java, Objective-C, the iOS runtime, Xcode, and the vulnerabilities baked into the platform are a new area for auditors, QA, and pentesters. This talk is designed to get you thinking about app security in the mobile space, and will help you get started in the iOS world. I will present a methodology and some common vulnerabilities through both the lens of blackbox and whitebox testing, illustrating dynamic testing techniques and static review techniques