Professional Cocoa Application Security (ePub)

Introduction. Chapter 1: Secure by Design. About Cocoa Security. Profiling Your Application's Security Risks. Defining the Security Environment. Defining Threats. Defining and Mitigating Vulnerabilities. Summary. Chapter 2: Managing Multiple Users. Caveat for iPhone Developers. Why We Have Multiple Users. User Groups. Understanding Directory Services. Accessing User Preferences and Managed Preferences. Summary. Chapter 3: Using the Filesystem Securely. UNIX Permissions. Filesystem Flags. Access Control Lists. FileVault and Other Encryption Options. Network Filesystems. Layout and Security of a Typical Mac OS X Filesystem. Aliases and Bookmarks. Quarantining Downloaded Files. Securely Deleting Files. Disk Arbitration. Summary. Chapter 4: Handling Multiple Processes. Privilege Separation. Designing Multiple-Process Systems. Managing Process Lifecycles with Launchd. How to Use Setuid and Setgid. Communication between Processes. Playing in the Sandbox. Guaranteeing Code's Origin. Summary. Chapter 5: Storing Confidential Data in the Keychain. What Is the Keychain? Why Should I Use the Keychain? How to Take Advantage of the Keychain. Keychain on the iPhone. Summary. Performing Chapter 6: Privileged Tasks. How to Acquire Rights. Factored Applications with Authorization Services. The Authorization Database. Why Not to Launch Privileged Tasks with Authorization Services. The Padlock. Authorization Plug-Ins. Summary. Chapter 7: Auditing Im portant Operations. Examples of Auditing. Using Apple System Logger. Basic Security Module. Summary. Chapter 8: Securing Network Connections. Remote Authentication. Privilege Boundaries in Networked Applications. Does 'Bonjour' Mean It's Adieu to Network Security? Working with the Firewall. Network Configuration with SystemConfiguration. Taking Advantage of SSL. Summary. Chapter 9: Writing Secure Application Code. Secure Objective-C Coding. Secure C Coding. Code Reviews and Other Bug-Finding Techniques. Summary. Deploying Chapter 10:

Graham J. Lee is an independent security contractor, focusing on Mac and iPhone applications. He is a regular speaker on Mac security, and writes the security column for the Mac Developer Network.

Dieses eBook können Sie uneingeschränkt auf allen Geräten der tolino Familie lesen. Zum Lesen auf sonstigen eReadern und am PC benötigen Sie eine Adobe ID.