Category Archives: iPad

On SSL Pinning for Cocoa [Touch]

Moxie Marlinspike, recently-acquired security boffin at Twitter, blogged about SSL pinning. The summary is that relying on the CA trust model to validate SSL certificates introduces some risk into using an app – there are hundreds of trusted roots in …

Posted in code-level, iPad, iPhone, ssl | 6 Comments

TDD/unit testing video training for iOS developers

I recently recorded a series of videos on unit testing and test-driven development for iOS developers with Scotty of iDeveloper.tv. The videos and associated source code are now available for purchase and download.

Posted in code-level, iDeveloper.TV, iPad, iPhone, software-engineering, Talk, TDD, tool-support | Comments Off on TDD/unit testing video training for iOS developers

On what Marcus said

This post is a response to Why so serious? over at Cocoa is my Girlfriend. Read that. Welcome back. OK, so firstly let’s talk about that damned carousel. Kudos to the developer who wrote a nice smoothly scrolling layer-backed image …

Posted in code-level, iDeveloper.TV, iPad, software-engineering | 1 Comment

A Cupertino Yankee in the Court of King Ballmer

This post summarises my opinions of Windows Phone 7 from the Microsoft Tech Day I went to yesterday. There’s a new version of Windows Phone 7 (codenamed Mango) due out in the Autumn, but at the Tech Day the descriptions …

Posted in Business, iPad, iPhone, Mac, tool-support, WebObjects, WinPhone | 1 Comment

On the top 5 iOS appsec issues

Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure …

Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability | 2 Comments

On platform-specific strategies

I’m writing some library code at the moment that needs to work on both Mac OS X and iOS. The APIs I need to use on each platform are different, so I need different code on each platform. I also …

Posted in code-level, iPad, iPhone, Mac, software-engineering | 2 Comments

Storing and testing credentials: Cocoa Touch Edition

This article introduces the concept of key stretching, using code examples to explain the ideas. For code you can use in an app that more closely resembles current practice, see Password checking with CommonCrypto. There’s been quite the media circus …

Posted in Authentication, code-level, Crypto, iPad, iPhone, Mac, password, PCAS | 7 Comments

What happens when you jailbreak an iPad

Having played around with an iPad running a jailbreak OS yesterday, I thought it would be useful to explain one possible attack that doesn’t seem to get much coverage. As I’ve discussed in numerous talks, the data protection feature of …

Posted in Encryption, iPad, iPhone, ssh | 2 Comments

On NSInvocation

I was going to get down to doing some writing, but then I got some new kit I needed to set up, so that isn’t going to happen. Besides which, I was talking to one developer about NSInvocation and writing …

Posted in Foundation, iPad, iPhone, Mac, software-engineering | Leave a comment

On Fuzzy Aliens

I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. …

Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel | Leave a comment