Professional Cocoa Application Security
(Language: English)
Book
50.83 €
Product details
Product information for "Professional Cocoa Application Security"
Blurb for "Professional Cocoa Application Security"
Professional Cocoa Application Security explains the importance of considering security at every stage of the software development process, and then describes how to design, implement and deploy secure software on Macs and iPhones, taking advantage of Apple-provided security features. It describes how users might configure their system's security and its impact on the developers' applications, and provides sample code to complement the explanations of security features. Topics covered include (among many others):
- Designing secure applications - why it's cheaper to start thinking about security before you've written any code, techniques to identify security requirements and classify them according to risk.
- The keychain - both Mac OS X and the iPhone OS provide secure storage for passwords and other sensitive data known as the keychain. This book describes how the keychain is implemented and configured on both systems, and through sample code demonstrates how an application can use it for its own confidential information.
- Securely using the filesystem - Mac OS X and the iPhone OS use the same filesystem, which is one of the components with a direct UNIX heritage. This chapter starts by explaining the basic concepts of access control in UNIX filesystems. It then describes OS X-specific enhancements including access control lists and encrypted containers.
- Writing secure application code - A discussion of pitfalls commonly encountered by both C and Objective-C programmers which can lead to exploitable vulnerabilities.
Table of contents for "Professional Cocoa Application Security"
Introduction
Chapter 1: Secure by Design
- About Cocoa Security
- Profiling Your Application's Security Risks
- Defining the Security Environment
- Defining Threats
- Defining and Mitigating Vulnerabilities
- Summary
Chapter 2: Managing Multiple Users
- Caveat for iPhone Developers
- Why We Have Multiple Users
- User Groups
- Understanding Directory Services
- Accessing User Preferences and Managed Preferences
- Summary
Chapter 3: Using the Filesystem Securely
- UNIX Permissions
- Filesystem Flags
- Access Control Lists
- FileVault and Other Encryption Options
- Network Filesystems
- Layout and Security of a Typical Mac OS X Filesystem
- Aliases and Bookmarks
- Quarantining Downloaded Files
- Securely Deleting Files
- Disk Arbitration
- Summary
Chapter 4: Handling Multiple Processes
- Privilege Separation
- Designing Multiple-Process Systems
- Managing Process Lifecycles with Launchd
- How to Use Setuid and Setgid
- Communication between Processes
- Playing in the Sandbox
- Guaranteeing Code's Origin
- Summary
Chapter 5: Storing Confidential Data in the Keychain
- What Is the Keychain?
- Why Should I Use the Keychain?
- How to Take Advantage of the Keychain
- Keychain on the iPhone
- Summary
Chapter 6: Performing Privileged Tasks
- How to Acquire Rights
- Factored Applications with Authorization Services
- The Authorization Database
- Why Not to Launch Privileged Tasks with Authorization Services
- The Padlock
- Authorization Plug-Ins
- Summary
Chapter 7: Auditing Important Operations
- Examples of Auditing
- Using Apple System Logger
- Basic Security Module
- Summary
Chapter 8: Securing Network Connections
- Remote Authentication
- Privilege Boundaries in Networked Applications
- Does 'Bonjour' Mean It's Adieu to Network Security?
- Working with the Firewall
- Network Configuration with SystemConfiguration
- Taking Advantage of SSL
- Summary
Chapter 9: Writing Secure Application Code
- Secure Objective-C Coding
- Secure C Coding
- Code Reviews and Other Bug-Finding Techniques
- Summary
Chapter 10: Deploying Software Securely
- Writing Security Documentation
- Identify Yourself with Code Signing
- Giving Your Code to Your Users
- Rolling Your Own Installer
- Deploying Privileged Helpers without Installers
- Responding to Security Problems
- Summary
Chapter 11: Kernel Extensions
- The Kernel Environment
- Filesystem Access Authorization with Kauth
- Summary
Chapter 12: Conclusion and Further Reading
- Further Reading
Index
About the author: Graham J. Lee
Graham J. Lee is an independent security contractor, focusing on Mac and iPhone applications. He is a regular speaker on Mac security, and writes the security column for the Mac Developer Network.
Bibliographic details
- Author: Graham J. Lee
- 2010, 336 pages, dimensions: 18.8 x 23.4 cm, paperback, English
- Publisher: Wiley & Sons
- ISBN-10: 0470525959
- ISBN-13: 9780470525951
Language: English