Pentesting iOS Applications presented at OWASP AppSecAsiaPac 2012

by Jason Haddix

Tags: Security

Summary: 3rd-party iOS applications are a tricky animal. In contrast to Android applications written in a language like Java, Objective-C, the iOS runtime, and the vulnerabilities baked into the platform are a new area for auditors, QA, and pentesters. I will present some of these vulnerabilities through both the lens of blackbox and whitebox testing, illustrating dynamic testing techniques and static review techniques. I will also debut a few new simple demos for security professionals to work through in the OWASP iGoat application, the vulnerable iPhone mobile application for learning.