If you’re an iOS developer, the last thing you want is for your app’s security flaw or information leak to become a headline in the media. No Starch Press has released “iOS Application Security – The Definitive Guide for Hackers and Developers” by David Thiel, to help developers avoid such an embarrassing predicament.
First off, let me say that I haven’t developed an app in years, and any app development knowledge I once had has gone the way of the steam engine. However, I do remember enough about app development to recognize what an excellent resource this book could be to the beginning or advanced developer who wants to make sure their apps are as secure as possible.
The author, David Thiel, has nearly 20 years of computer security experience, and his earlier work, “Mobile Application Security,” helped launch the field of iOS application security. Thiel currently works for the Internet.org Connectivity Lab.
The book starts off covering the fundamentals, such as the iOS Security Model, the Objective-C language, and the iOS Application Anatomy. It then covers security testing, going into detail on building a testing platform, debugging, and testing.
The next part of the book covers security quirks related to the Cocoa API, iOS networking, web apps, data leakage, injection attacks, and more. Finally, the last part of the book covers how to keep data safe via encryption and authentication, and ends with a discussion on user privacy.
The chapters are laid out logically, and all information is well illustrated with flowcharts, code snippets and screenshots. No matter your proficiency in app development, this book should prove a useful weapon in your development arsenal. While author Thiel provides detailed information about the subject, at the same time his writing style keeps the reader’s interest, unlike so many technical tomes that are available.
As I said, I am not a programmer, but in reading this book, I can see that it would be a major asset to any iOS developer who wants to ensure his app’s ability to protect a user’s data is baked right in from the beginning.
I would highly recommend that anyone interested in the field of iOS app security at least take a close look at iOS Application Security.
Disclosure: I received this book at no cost for review. I have not been compensated for this review. All thoughts and opinions are mine.