SlideShare uma empresa Scribd logo

iOS development - tips & tricks

Stefan Tsvyatkov
Stefan Tsvyatkov
Software
1 de 17
Baixar para ler offline
iOS Development - Tips & Tricks iOS Development - Tips & Tricks Software Development Lead - iOS Galin Kardzhilov Software Development Manager - iOS Stefan Tsvyatkov
iOS Development - Tips & Tricks Agenda  Why iOS  Some challenges  iOS Security
iOS Development - Tips & Tricks About Me  Started with
iOS Development - Tips & Tricks About Me
iOS Development - Tips & Tricks Why iOS? -(NSString *)generateReasonsWhyiOS { NSMutableString *reasons = [[NSMutableString alloc] init]; [reasons appendString:@"It's new"]; [reasons appendString:@"It's challenging"]; [reasons appendString:@"It compiles to native"]; [reasons appendString:@"You have to deal with hardware limitations"]; [reasons appendString:@"You have to provide responsiveness"]; [reasons appendString:@"You have to provide usability"]; [reasons appendString:@"You have to provide security"]; [reasons appendString:@"0ften craftsmanship [reasons appendString:@"Your code runs into people's pockets"]; return reasons; }
iOS Development - Tips & Tricks  Table view  Background image  Custom drawn cells … flipped Watch video @ http://youtu.be/Um971SFzOfQ
iOS Development - Tips & Tricks Watch video @ http://youtu.be/HrK6PevFYkI
iOS Development - Tips & Tricks Scroll View Custom View
iOS Development - Tips & Tricks
iOS Development - Tips & Tricks Security in iOS  Local Storage  Communication with the server  Binary analysis and manipulation
iOS Development - Tips & Tricks Local Storage Security  NSUserDefaults  Convenient  Not encrypted by default  Keeps the data in a plist file  CoreData  Not encrypted by default  Keeps the data in sqlite db Not secure
iOS Development - Tips & Tricks Local Storage Security  Keychain Access  Encrypted by default  A bit more complex for use  Insecure on jailbroken devices  Data encryption  Crypto API  Obfuscate the encryption key  Use unique device information String constant [[UIDevice currentDevice] identifierForVendor] Custom algorith Secure encryption
iOS Development - Tips & Tricks Server Communication Security  Use SSL  Don’t accept self-signed certificates  Client and server side data validation
iOS Development - Tips & Tricks Runtime Manipulation #import "AppDelegate.h" #import "ptrace.h" ! int main(int argc, char * argv[]) { #ifndef DEBUG ptrace(PT_DENY_ATTACH, 0, 0, 0); #endif @autoreleasepool { return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); } }  ptrace  Deny a debugger to attach  Can be patched from binary  Put it in multiple places
iOS Development - Tips & Tricks !  SEC_IS_BEING_DEBUGGED_RETURN_NIL() ! ! ! ! ! !  Check if a debugger is attached  Hard to be patched from binary  Make the check regularly and in critical parts  Doesn’t work against Cycript Runtime Manipulation #ifndef DEBUG SEC_IS_BEING_DEBUGGED_RETURN_NIL(); #endif
iOS Development - Tips & Tricks Conclusion  Keychain Access for storing  SSL for transporting  Check for debuggers  100% security does not exist
iOS Development - Tips & Tricks Thank you! Galin Kardzhilov @gravera Stefan Tsvyatkov @stsvyatkov

Recomendados

iOS Development - Tips & Tricks
iOS Development - Tips & TricksiOS Development - Tips & Tricks
iOS Development - Tips & Tricksit-tour
 
Wordpress Security Tips
Wordpress Security TipsWordpress Security Tips
Wordpress Security TipsLalit Nama
 
CDE personalised learning
CDE personalised learningCDE personalised learning
CDE personalised learningJames Ballard
 
JISC RSC London Workshop - Learner analytics
JISC RSC London Workshop - Learner analyticsJISC RSC London Workshop - Learner analytics
JISC RSC London Workshop - Learner analyticsJames Ballard
 
Learner enhanced technology
Learner enhanced technologyLearner enhanced technology
Learner enhanced technologyJames Ballard
 
Question 1
Question 1 Question 1
Question 1 Yacine Boudjeltia
 
Estudio de factibilidad
Estudio de factibilidadEstudio de factibilidad
Estudio de factibilidadCamilo Rivera
 
Personalised Learning - the Good, the Bad, and the Ugly
Personalised Learning - the Good, the Bad, and the UglyPersonalised Learning - the Good, the Bad, and the Ugly
Personalised Learning - the Good, the Bad, and the UglyJames Ballard
 

Recomendados

iOS Development - Tips & Tricks
iOS Development - Tips & TricksiOS Development - Tips & Tricks
iOS Development - Tips & Tricksit-tour
 
Wordpress Security Tips
Wordpress Security TipsWordpress Security Tips
Wordpress Security TipsLalit Nama
 
CDE personalised learning
CDE personalised learningCDE personalised learning
CDE personalised learningJames Ballard
 
JISC RSC London Workshop - Learner analytics
JISC RSC London Workshop - Learner analyticsJISC RSC London Workshop - Learner analytics
JISC RSC London Workshop - Learner analyticsJames Ballard
 
Learner enhanced technology
Learner enhanced technologyLearner enhanced technology
Learner enhanced technologyJames Ballard
 
Question 1
Question 1 Question 1
Question 1 Yacine Boudjeltia
 
Estudio de factibilidad
Estudio de factibilidadEstudio de factibilidad
Estudio de factibilidadCamilo Rivera
 
Personalised Learning - the Good, the Bad, and the Ugly
Personalised Learning - the Good, the Bad, and the UglyPersonalised Learning - the Good, the Bad, and the Ugly
Personalised Learning - the Good, the Bad, and the UglyJames Ballard
 
Question 1
Question 1 Question 1
Question 1 Yacine Boudjeltia
 
The a&h bomb
The a&h bombThe a&h bomb
The a&h bombAli Mas
 
Cementite and associates lab 3
Cementite and associates lab 3Cementite and associates lab 3
Cementite and associates lab 3abhamber
 
e-ILP
e-ILPe-ILP
e-ILPJames Ballard
 
Savannah apartment association leasing & marketing
Savannah apartment association leasing & marketingSavannah apartment association leasing & marketing
Savannah apartment association leasing & marketingJolene Sopalski
 
Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Bhukya Veeranna
 
Rpm savannah dinner
Rpm savannah dinnerRpm savannah dinner
Rpm savannah dinnerJolene Sopalski
 
The king of country by jaclyn
The king of country by jaclynThe king of country by jaclyn
The king of country by jaclynadriennelarry
 
Learner engagement
Learner engagementLearner engagement
Learner engagementJames Ballard
 
Recruitment and selection
Recruitment and selectionRecruitment and selection
Recruitment and selectionNikhit
 
It's all about the small things final
It's all about the small things finalIt's all about the small things final
It's all about the small things finalJolene Sopalski
 
Q3 presentation
Q3 presentationQ3 presentation
Q3 presentationYacine Boudjeltia
 
FI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsFI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsPetr Dvorak
 
Building security into the pipelines
Building security into the pipelinesBuilding security into the pipelines
Building security into the pipelinesVandana Verma
 
Capture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaCapture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaVito Flavio Lorusso
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowServerless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowAWSCOMSUM
 
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services
 
Being a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesBeing a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesChris Love
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningSynack
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningMikhail Sosonkin
 

Mais conteúdo relacionado

Destaque

The a&h bomb
The a&h bombThe a&h bomb
The a&h bombAli Mas
 
Cementite and associates lab 3
Cementite and associates lab 3Cementite and associates lab 3
Cementite and associates lab 3abhamber
 
Savannah apartment association leasing & marketing
Savannah apartment association leasing & marketingSavannah apartment association leasing & marketing
Savannah apartment association leasing & marketingJolene Sopalski
 
Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Bhukya Veeranna
 
The king of country by jaclyn
The king of country by jaclynThe king of country by jaclyn
The king of country by jaclynadriennelarry
 
Recruitment and selection
Recruitment and selectionRecruitment and selection
Recruitment and selectionNikhit
 
It's all about the small things final
It's all about the small things finalIt's all about the small things final
It's all about the small things finalJolene Sopalski
 

Destaque (12)

Question 1
Question 1 Question 1
Question 1
 
The a&h bomb
The a&h bombThe a&h bomb
The a&h bomb
 
Cementite and associates lab 3
Cementite and associates lab 3Cementite and associates lab 3
Cementite and associates lab 3
 
e-ILP
e-ILPe-ILP
e-ILP
 
Savannah apartment association leasing & marketing
Savannah apartment association leasing & marketingSavannah apartment association leasing & marketing
Savannah apartment association leasing & marketing
 
Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Wireless electric system by VEERANNA
Wireless electric system by VEERANNA
 
Rpm savannah dinner
Rpm savannah dinnerRpm savannah dinner
Rpm savannah dinner
 
The king of country by jaclyn
The king of country by jaclynThe king of country by jaclyn
The king of country by jaclyn
 
Learner engagement
Learner engagementLearner engagement
Learner engagement
 
Recruitment and selection
Recruitment and selectionRecruitment and selection
Recruitment and selection
 
It's all about the small things final
It's all about the small things finalIt's all about the small things final
It's all about the small things final
 
Q3 presentation
Q3 presentationQ3 presentation
Q3 presentation
 

Semelhante a iOS development - tips & tricks

FI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsFI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsPetr Dvorak
 
Building security into the pipelines
Building security into the pipelinesBuilding security into the pipelines
Building security into the pipelinesVandana Verma
 
Capture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaCapture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaVito Flavio Lorusso
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowServerless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowAWSCOMSUM
 
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services
 
Being a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesBeing a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesChris Love
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningSynack
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningMikhail Sosonkin
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloudSergejus Barinovas
 
MFF UK - Introduction to iOS
MFF UK - Introduction to iOSMFF UK - Introduction to iOS
MFF UK - Introduction to iOSPetr Dvorak
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysqqlan
 
Mobile Security Assessment: 101
Mobile Security Assessment: 101Mobile Security Assessment: 101
Mobile Security Assessment: 101wireharbor
 
Testing at Both Ends of the Triangle
Testing at Both Ends of the TriangleTesting at Both Ends of the Triangle
Testing at Both Ends of the TriangleDerek Graham
 
PowerShell: A Language for the Internet of Things #ATLPUG
PowerShell: A Language for the Internet of Things #ATLPUGPowerShell: A Language for the Internet of Things #ATLPUG
PowerShell: A Language for the Internet of Things #ATLPUGTaylor Riggan
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSebastien Gioria
 
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)Igor Bronovskyy
 

Semelhante a iOS development - tips & tricks (20)

FI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsFI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS Basics
 
Building security into the pipelines
Building security into the pipelinesBuilding security into the pipelines
Building security into the pipelines
 
Capture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaCapture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninja
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity service
 
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowServerless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
 
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
 
Being a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesBeing a tweaker modern web performance techniques
Being a tweaker modern web performance techniques
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanning
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanning
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloud
 
MFF UK - Introduction to iOS
MFF UK - Introduction to iOSMFF UK - Introduction to iOS
MFF UK - Introduction to iOS
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 
Mobile Security Assessment: 101
Mobile Security Assessment: 101Mobile Security Assessment: 101
Mobile Security Assessment: 101
 
Testing at Both Ends of the Triangle
Testing at Both Ends of the TriangleTesting at Both Ends of the Triangle
Testing at Both Ends of the Triangle
 
Node azure
Node azureNode azure
Node azure
 
PowerShell: A Language for the Internet of Things #ATLPUG
PowerShell: A Language for the Internet of Things #ATLPUGPowerShell: A Language for the Internet of Things #ATLPUG
PowerShell: A Language for the Internet of Things #ATLPUG
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introduction
 
Rsockets ofa12
Rsockets ofa12Rsockets ofa12
Rsockets ofa12
 
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
 

Último

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...masabamasaba
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 

Último (20)

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 

iOS development - tips & tricks

  • 1. iOS Development - Tips & Tricks iOS Development - Tips & Tricks Software Development Lead - iOS Galin Kardzhilov Software Development Manager - iOS Stefan Tsvyatkov
  • 2. iOS Development - Tips & Tricks Agenda  Why iOS  Some challenges  iOS Security
  • 3. iOS Development - Tips & Tricks About Me  Started with
  • 4. iOS Development - Tips & Tricks About Me
  • 5. iOS Development - Tips & Tricks Why iOS? -(NSString *)generateReasonsWhyiOS { NSMutableString *reasons = [[NSMutableString alloc] init]; [reasons appendString:@"It's new"]; [reasons appendString:@"It's challenging"]; [reasons appendString:@"It compiles to native"]; [reasons appendString:@"You have to deal with hardware limitations"]; [reasons appendString:@"You have to provide responsiveness"]; [reasons appendString:@"You have to provide usability"]; [reasons appendString:@"You have to provide security"]; [reasons appendString:@"0ften craftsmanship [reasons appendString:@"Your code runs into people's pockets"]; return reasons; }
  • 6. iOS Development - Tips & Tricks  Table view  Background image  Custom drawn cells … flipped Watch video @ http://youtu.be/Um971SFzOfQ
  • 7. iOS Development - Tips & Tricks Watch video @ http://youtu.be/HrK6PevFYkI
  • 8. iOS Development - Tips & Tricks Scroll View Custom View
  • 9. iOS Development - Tips & Tricks
  • 10. iOS Development - Tips & Tricks Security in iOS  Local Storage  Communication with the server  Binary analysis and manipulation
  • 11. iOS Development - Tips & Tricks Local Storage Security  NSUserDefaults  Convenient  Not encrypted by default  Keeps the data in a plist file  CoreData  Not encrypted by default  Keeps the data in sqlite db Not secure
  • 12. iOS Development - Tips & Tricks Local Storage Security  Keychain Access  Encrypted by default  A bit more complex for use  Insecure on jailbroken devices  Data encryption  Crypto API  Obfuscate the encryption key  Use unique device information String constant [[UIDevice currentDevice] identifierForVendor] Custom algorith Secure encryption
  • 13. iOS Development - Tips & Tricks Server Communication Security  Use SSL  Don’t accept self-signed certificates  Client and server side data validation
  • 14. iOS Development - Tips & Tricks Runtime Manipulation #import "AppDelegate.h" #import "ptrace.h" ! int main(int argc, char * argv[]) { #ifndef DEBUG ptrace(PT_DENY_ATTACH, 0, 0, 0); #endif @autoreleasepool { return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); } }  ptrace  Deny a debugger to attach  Can be patched from binary  Put it in multiple places
  • 15. iOS Development - Tips & Tricks !  SEC_IS_BEING_DEBUGGED_RETURN_NIL() ! ! ! ! ! !  Check if a debugger is attached  Hard to be patched from binary  Make the check regularly and in critical parts  Doesn’t work against Cycript Runtime Manipulation #ifndef DEBUG SEC_IS_BEING_DEBUGGED_RETURN_NIL(); #endif
  • 16. iOS Development - Tips & Tricks Conclusion  Keychain Access for storing  SSL for transporting  Check for debuggers  100% security does not exist
  • 17. iOS Development - Tips & Tricks Thank you! Galin Kardzhilov @gravera Stefan Tsvyatkov @stsvyatkov