Book Review: Learning iOS Penetration TestingAuthor : AZIndia News Desk
Mumbai, May 5(AZINS) Learning iOS Penetration Testing is a beginner's level book to introduce you to the field of iOS penetration testing. The book is written by Swaroop Yermalkar and is published by Packt Publishing.
The book begins with familiarising you with the fundamentals of iOS app development and security. You start with the basics and then learn how to set up a lab for application security testing.
The book then moves towards local storage and its flaws and how that plays a critical role in the case of loss or theft. You then move into the realm of wireless security by looking at traffic analysis for iOS applications. You also get an understanding of how modifying application traffic over HTTP or HTTPS works.
The next topic from there is data leakage and how it takes place through things like the cache, screenshots, pasteboard and logs amongst others.
Binary protections is the next thing the book dives into with an explanation of how to analyse iOS binaries downloaded from the App Store.
You then move into the realm of dynamic analysis which anybody in the field of application security knows all too well. In this section, you analyse an application at runtime. You also learn how to modify an application's behaviour by hooking a debugger to it.
You then move to iOS exploitation where you understand what the differences between a bind shell and a reverse shell for iOS and how a backdoor can be created. Since I was most interested in this chapter, here is where I found the most shortcomings.
The book concludes with a section on iOS forensics. The forensics section includes a short case study that I found to be a handy addition. I would have appreciated more case studies like that in other parts of the book.
I also did come across the occasional grammatical error, but that did not take away from the understanding I was getting from the book. While I did find that processes were well explained in the book, how those processes fit into the big picture could have been helpful.
Reading through the book I felt like the meat of the content was all there. There is enough for you to get the idea of what is going on if you have some understanding of the topics discussed. If you are completely new to the subject, you might have to do some reading on your own. There is a lot of content covered and it gives you a good overall understanding. The book is available in both print and eBook form. If what I have described is of interest to you, you can pick up the book at - https://www.packtpub.com/networking-and-servers/learning-ios-penetration-testing/