Mobile App Security (MMAS Exam): iOS Edition

Introduction

iOS app development is a valuable skill set for a programmer today. An important part of that skill set is the ability to create apps that protect you, your users, and your users’ organizations from attack. In this course, you will learn why it is critical to build security into your iOS apps, how to improve your programming processes to promote security, and how to provide countermeasures for the numerous threats to which an iOS app and its users are exposed. 

In this course, you will develop secure native apps for iOS mobile devices. 
You will:

  • Explain why an organization should devote time and resources to app security, including specific rationale for iOS app development.
  • Identify where and how the iOS system architecture is vulnerable to security threats.
  • Apply strategies to promote the security of mobile apps, including specific strategies for iOS.
  • Enable an iOS app to communicate securely with hardware and software on the device.
  • Enable an iOS app to secure data through encryption.
  • Enable an iOS app to store data securely.
  • Enable an iOS app to communicate securely over networks and with web services.
  • Use the UIWebView component securely.
  • Protect credentials in storage and in transit.
  • Harden an iOS app against attack to levels appropriate for the risk model.

Course Outline

Lesson 1: The Rationale for IOS App Security

  • Topic A: Identify the Need for Security
  • Topic B: Identify Security Requirements and Expectations
  • Topic C: Include Security in Your Development Processes
  • Topic D: Identify Your Approach to Risk Management

Lesson 2: The iOS Security Architecture

  • Topic A: Strengths and Weaknesses of the iOS Security Architecture
  • Topic B: iOS App Construction
  • Topic C: iOS Vulnerabilities

Lesson 3: Employing Secure Mobile App Development Strategies

  • Topic A: Follow App Security Best Practices
  • Topic B: Protect Against Threats
  • Topic C: Software Development Life Cycle (SDLC)
  • Topic D: Design for Security
  • Topic E: Conduct Security Testing and Analysis
  • Topic F: Write Secure Objective-C Code

Lesson 4: Accessing Local Processes and Devices Securely

  • Topic A: Select Countermeasures for Local Threats
  • Topic B: Implement Secure Access of Local Processes and Hardware

Lesson 5: Securing Data Through Encryption

  • Topic A: Select Countermeasures for Threats to Cleartext Data
  • Topic B: Implement Encryption

Lesson 6: Accessing Local Storage Securely

  • Topic A: Identify Countermeasures for Local Storage Threats
  • Topic B: Implement Secure Access of Local Storage

Lesson 7: Communicating with Networks and Web Services Securely

  • Topic A: Identify Networking Threats
  • Topic B: Identify Countermeasures for Networking Threats
  • Topic C: Implement Secure Network Communication

Lesson 8: Using the UIWebView Component Securely

  • Topic A: Identify Countermeasures for UIWebView Component Threats
  • Topic B: Implement UIWebView Security

Lesson 9: Protecting Credentials in Storage and Transit

  • Topic A: Identify Countermeasures for Threats to Credentials
  • Topic B: Implement Secure User Authentication
  • Topic C: Implement Keychain

Lesson 10: Hardening Apps Against Attack

  • Topic A: Identify Countermeasures for Reverse Engineering Threats
  • Topic B: Harden an App