Third-party iOS applications are a tricky animal. Unlike Android applications, which are written in a language like Java, iOS applications bring Objective-C, the iOS runtime, Xcode, and the vulnerabilities baked into the platform, all of which are a new area for auditors, QA, and pentesters. This talk is designed to get you thinking about app security in the mobile space, and will help you get started in the iOS world. I will present a methodology and some common vulnerabilities through the lenses of both blackbox and whitebox testing, illustrating dynamic testing techniques and static review techniques.
Jason Haddix is the Director of Penetration Testing at HP Fortify. Jason develops and trains internal candidates on the mobile penetration testing team. He has also done several trainings for web application hacking and network penetration testing. Jason has both led and tested on large Fortune 10 assessment teams, and has spoken at several industry-recognized conferences. In his spare time Jason contributes to several open source projects such as Nmap and the Fuzz Database, and contributes reviews and industry anecdotes/articles on offensive security tactics to several publications such as Hackin9 and The Ethical Hacker Network magazines. Jason is also a player on the competitive academic hacking team “ShellPhish”, which plays at the Defcon Capture the Flag competition in Las Vegas.