iOS Pentesting and Security Training
Beginner • Advanced
Overview
The iOS Pentesting and Security Training is a specialised course within the Security Assessment domain that focuses on pentesting iOS mobile applications. This course is designed for students and professionals who wish to pursue a career in mobile penetration testing.
The training provides in-depth coverage of iOS app penetration testing, with a highly practical and instructor-led approach. It starts from the basics, ensuring that even candidates with little or no knowledge of iOS can follow along. The course begins with an introduction to the specifics of the iOS platform, covering iOS architecture, security standards, decryption of iOS applications, reversing code quality, scanning for targeted issues, exploiting common vulnerabilities in iOS devices and apps, forensics of iOS devices, network monitoring on iDevices, and automated tools to complete tasks.
The course primarily focuses on real-world vulnerabilities in iOS applications, daemons, services, and Apple’s iMessage. To facilitate practical learning, we have selected a number of previously disclosed real-world vulnerabilities for each topic. This ensures that candidates learn from real examples and not just mock-up bugs.
The iOS Pentesting and Security Training is designed to be a complete guide to understanding and practicing iOS mobile app hacking efficiently in real-time. It is an online certification course by Certcube Labs, with study materials and references provided to enhance learning and understanding. By the end of this course, participants will have gained the knowledge and skills required to identify and exploit vulnerabilities in iOS mobile applications.
What You’ll Learn
- iOS Security Model and Security Frameworks
- iOS Pentesting Lab Setup
- Pentesting iOS Storage
- SAST and DAST iOS Applications
Training Modules
iOS Application Pentesting Foundations
- Mobile OWASP Top 10
- iOS Security Mechanisms & Architecture
- Secure Boot Chain
- MVC And Event Driven Architecture
- ARM Processor
- Application Isolation
- Data Encryption & Network Security
iOS Security Foundations
- iOS Security Model
- iOS File System isolation
- Application Sandbox
- iOS Device Architecture
- iOS App Development Background Concepts
- Simulator vs. Emulator
- Analyzing Application permissions
iOS Pentesting Tools and Simulation Setup
- Xcode methodologies
- iOS Simulators
- Jailbreaking Essentials
- Jailbroken Device Lab Setup
- Exploring Custom App stores
- Setting up pentesting apps
- iOS PenTesting Tools Setup
iOS Application Storage Exploitation
- Application Storage Analysis
- Decrypting App Store Applications
- File System and access security
- File System Data Protection Class
- Accessing the File Systems
- Application storage management
- Property list files basics
- Tampering with Property list files
- Investigating Plist files for stored credentials and process information
- iOS Database files analysis
- Snapshots Storage analysis
- Persistent Cookies in iOS
- Investigating Logs of applications
- Keyboard Cache snoop
- Cryptographic issues
- Accessing Keychains and Dumping data from keychains
Static Code Analysis of iOS Applications
- Static code analysis of an application
- The IPA file package container insights
- Tampering with IPA Content
- Investigating View Controllers
- Investigating Info.plist file
- Listing all CFUR types on a device
- Investigating Binaries
- Understanding of iOS Binary Application Structure Encryption
- Decrypting Applications Binaries
- Investigating binary content of App
- Hands-on Lab: Binary Static Analysis manual and automated
Dynamic iOS Application Security Testing
- Scanning iOS applications
- Burp Suite Essentials
- Certificate Pinning
- Runtime Analysis with Cycript
- Working with Cycript + Class-dump-Z
- Snoop-it & Keychain Dumper
- Frida and Objection for Dynamic Analysis
- Insecure Cryptography attacks
- Attacking URL Schemes
- Client-Server API and Web attacks
- Privilege Escalation methodologies
- Machine Level Analysis basics
- Sensitive Files Issues at the memory level
- Runtime Analysis & manipulation with GDB, IDA, Hopper
- Anti-piracy with GDB
- Audit iOS applications
- iOS Secure Development Best Practices
Who Can Apply For The Training?
- Individuals possessing a bachelor’s degree and a fascination with acquiring advanced proficiencies in Mobile Application Security.
- Professionals aspiring for career advancement in the field of Pentesting Mobile Applications.
- Individuals with a bachelor’s degree in an IT-related discipline who aspire to shift their focus towards Mobile Application Security.
- Product Managers with a desire to enhance their competence in the realm of Mobile Application Security through upskilling.
- Development Teams interested in mastering Pentesting skills to construct secure Mobile applications and platforms.
Details
Self-Paced Training
Self-paced, the ultimate in flexible cybersecurity learning! With unlimited access to your training, you can learn at your own pace, wherever and whenever it’s convenient for you. Our program includes all labs, exercises, and live support from Codefensive subject matter experts to ensure your success. Join us now to take control of your cybersecurity education!
On-Demand Live Training
Join the virtual Codefensive training experience, right from the comfort of your own home! Our industry-leading instructors will deliver interactive courses via live stream, giving you the ultimate in cybersecurity education. Following each class, you’ll have the opportunity to enjoy a keynote from top industry professionals. Choose the ultimate in cybersecurity education and join us today!
Prerequisites
Basics of Computer Networks
Basics of Cyber Security
Ready to Get Started?
Book a free consultation and join the right training for you.