I have written a blog series on iOS Application Security. The complete list of tutorials can be found below
- iOS Application security Part 1 – Setting up a mobile pen-testing platform
- iOS Application security Part 2 – Getting class information of IOS app
- iOS Application security Part 3 – Understanding the Objective-C Runtime
- iOS Application Security Part 4 – Runtime Analysis Using Cycript (Yahoo Weather App)
- iOS Application security Part 5 – Advanced Runtime analysis and manipulation using Cycript (Yahoo Weather App
- iOS Application Security Part 6 – New Security Features in IOS 7
- iOS Application Security Part 7 – Installing and Running Custom Applications on Device without a registered developer account
- iOS Application Security Part 8 – Method Swizzling using Cycript
- iOS Application Security Part 9 – Analyzing Security of iOS Applications using Snoop-it
- iOS Application Security Part 10 – iOS Filesystem and Forensics
- iOS Application Security Part 11 – Analyzing Network Traffic over HTTP/HTTPS
- iOS Application Security Part 12 – Dumping Keychain Data
- iOS Application Security Part 13 – Booting a custom Ramdisk using Sogeti Data Protection tools
- iOS Application Security Part 14 – Gathering information using Sogeti Data Protection tools
- iOS Application Security Part 15 – Static Analysis of iOS Applications using iNalyzer
- iOS Application Security Part 16 – Runtime Analysis of iOS Applications using iNalyzer
- iOS Application Security Part 17 – Black-Box Assessment of iOS Applications using INTROSPY
- iOS Application Security Part 18 – Detecting custom signatures with Introspy
- iOS Application Security Part 19 – Programmatical Usage of Introspy
- iOS Application Security Part 20 – Local Data Storage
- iOS Application Security Part 21 – ARM and GDB Basics
- iOS Application Security Part 22 – Runtime Analysis and Manipulation using GDB
- iOS Application Security Part 23 – Defending against runtime analysis and manipulation
- iOS Application Security Part 24 – Jailbreak Detection and Evasion
- iOS Application Security Part 25 – Secure Coding Practices for IOS Development
- iOS Application Security Part 26 – Patching IOS Applications using IDA Pro and Hex Fiend
- iOS Application Security Part 27 – Setting up a mobile pentesting environment with IOS 7 Jailbreak
- iOS Application Security Part 28 – Patching IOS Application with Hopper
- iOS Application Security Part 29 – Insecure or Broken Cryptography
- IOS Application Security Part 30 – Attacking URL schemes
- IOS Application Security Part 31 – The problem with using third party libraries for securing your apps
- iOS Application Security Part 32 – Automating tasks with iOS Reverse Engineering Toolkit (iRET)
- iOS Application Security Part 33 – Writing tweaks using Theos (Cydia Substrate)
- OS Application Security Part 34 – Tracing Method calls using Logify
- iOS Application Security Part 35 – Auditing iOS Applications With iDB
- iOS Application Security Part 36 – Bypassing certificate pinning using SSL Kill switch
- iOS Application Security Part 37 – Adapting to iOS 8
- iOS Application Security Part 38 – Attacking apps using Parse (Guest Lecture by Egor Tolstoy)
- iOS Application Security Part 39 – Sensitive information in memory
- iOS Application Security Part 40 – Testing apps on your Mac
- iOS Application Security Part 41 – Debugging Applications Using LLDB
- iOS Application Security Part 42 – LLDB Usage Continued
- iOS Application Security Part 43 – FAT Binaries & LLDB Usage Continued
- iOS Application Security Part 44 – Bypassing Jailbreak detection using Xcon
- iOS Application Security Part 45 – Enhancements in Damn Vulnerable iOS app version 2.0
- iOS Application Security Part 46 – App Transport Security