iOS App development: you are doing it wrong. 5 tips to improve your app security.

App development is growing very fast. Let's share 5 must-have requirements we have to meet when we develop both enterprise and commercial iOS apps.

Matteo Crippa

June 12, 2016

Transcript

  1. iOS App Development: you are doing it wrong!

    © Matteo Crippa / boostco.de, 2016
  2. Hacking & Phishing is done by professional !.¹

    ¹ mr. Obvious
  3. ! are the biggest security issue in your App.¹

    ¹ Chinese Developer proverb
  4. 1. Alert them if VPN is required

    A lot of users forget to activate their VPN tunnel before using your app. Be smart: give them feedback about this and guide them on how to activate it.
  5. 2. Passwords are users' worst nightmares

    Users hate to manage and deal with passwords. This makes them vulnerable 'cuz they use stupid, common passwords. If you are working with devices that have fingerprint sensors, make use of this technology (e.g. Touch ID) to improve security against password laziness.
  6. 3. Tame your logs

    During app development, logs save you a lot of ⌛. But, please, disable them when you move your app to production. By looking at logs, someone can easily discover issues or flows and use them.
  7. 4. Jailbreaking hurts

    iOS apps are secure, are sandboxed, etc. etc. This works fine until a device is jailbroken. From that very moment you can start having fun looking inside your app directory, code and so on. Avoid putting sensitive data inside plist files, and encrypt as much as you can, storing the sensitive data inside the keychain.
  8. 5. RTFM

    There are really interesting (& free) resources about app security:

    - iOS Developer cheatsheet by OWASP
    - OSX Secure Coding