Development of secure iOS applications (October 2015)


Veröffentlicht: von Stefan Esser   |   Read in English   |  Weitere Einträge über Blog iOS-Dev-Training
/images/ipad.jpg
Instructors: Stefan Horst and Stefan Esser
Dates: 21th October - 23rd October 2015 (3 days)
Venue: Le Méridien Parkhotel Frankfurt, Germany
Availability: 15 Seats
Language: English

Dieses Training ist in englischer Sprache. Wir organisieren eine deutsche Version dieser Schlung bereits im Juli in Köln.

Weitere Informationen zum Training im Juli.

Since 2007 SektionEins has been organising trainings for various topics related to IT security. Our experts share their knowledge gained from every day security audits and internal research, refined with hands-on exercises and solid background knowledge.

This iOS security training is an introduction to possible security threats to your iOS applications and teaches how to minimize security risks already during the development of the application. Different attacks and their countermeasures, combined with safe programming guidelines will be discussed by means of a demo application. The target audience for this training course are iOS application developers from beginners to seasoned programmers.

Topics

  • Introduction
  • Common vulnerabilities of iOS applications
    • information leakage
    • insufficient encryption
    • TLS problems (certificate-pinning)
    • memory corruptions
    • logical vulnerabilities
    • in-app purchase vulnerabilities
  • Common problems with the server side of iOS applications
    • Information Leakage
    • private keys in applications
  • Jailbreaking & Debugging
    • detect jailbreaks and debuggers
    • protect data in a jailbroken environment
  • Secure Development
    • compilerproblems
    • iOS data protection
    • keychain access
    • error handling and logging
    • threat modelling and SDL
  • Access controls
  • Using encryption and random numbers in iOS applications
  • Understand how iOS application security tests are performed and what tools are used

Trainingmaterial

  • Attendees will receive a printed and a digital copy of the training material.
  • Examples and training exercises will be made available including source code.

Requirements

  • Trainee requirements
    • trainees must be capable of understanding programming examples in Objective C and Swift
    • trainees must be capable of solving programming tasks in one of those languages
  • Hardware requirements
    • Apple MacBook to run OS X Yosemite and XCode.
    • Hands-on taks will be performed on iOS devices provided by SektionEins for the duration of the training. Attendees do not need to bring an own iOS device.
    • Attendees can optionally bring their own iOS device, to perform exercises on own devices. These devices should run with the most current iOS version.
  • Software requirements
    • Mac OS X Yosemite, with current XCode and iOS 8.x SDK (or newer)

Venue

The training will be held at the Le Méridien Parkhotel Frankfurt (Germany). The hotel is located near the main train station of Frankfurt, which is an ICE train ride of about 20 minutes away from the airport of Frankfurt (FRA).

Address:
Le Méridien Parkhotel Frankfurt
Wiesenhüttenplatz 28-38
60329 Frankfurt am Main


View Larger Map

The hotel offers up to 10 rooms for a special rate of 150,- EUR/night (including breakfast) until 6 weeks before the training. They will be given out on a first come first serve basis.

Pricing

We offer the following rates for this training. Attention: Trainees paying for the training themselves or companies within the European Union have to pay VAT on top of the base price.

  Price VAT
Early Bird (before 6th July) 2000,- EUR 380,- EUR
Regular (before 15th September) 2250,- EUR 427,50 EUR
Late (after 15th September) 2500,- EUR 475,- EUR

The training ticket price includes a daily lunch buffet (or 3 course menu), various food selections during morning and afternoon coffee breaks, free soft drinks in the training room and a one night surprise dinner.

Register

If you have further questions or want to register for this training please contact us by e-mail training@sektioneins.de.

In-House Training / Conferences / Additional Trainings

If you are interested in this training, but want us to perform the training for your people at your office, want to feature our training at your conference or would just like to know if we provide the training again at a later time please contact us by e-mail training@sektioneins.de.