In this talk, we review common classes of iOS mobile application flaws as seen in real-world applications. Moreover, to assist the community in assessing security risks of mobile apps, we introduce a new tool called 'idb' and show how it can be used to efficiently test for a range of iOS app flaws. In order to illustrate how apps commonly fail at safeguarding sensitive data, each vulnerability class is first introduced and discussed. We then demonstrate how idb can be used to uncover these flaws from a black-box perspective and provide guidance on how to mitigate each flaw.
Daniel is a consultant with Matasano Security. His experience includes penetration testing, cryptographic protocol analysis and design, security research, and system and network administration.