LEVEL300 - Advanced Application Security


Course Learning Objectives

  • Discover how to store data securely on your device as well as avoid disclosing any sensitive information
  • Learn how to encrypt your connections and deal with dodgy certificate authorities
  • Utilize secure techniques to prevent accidental data leaks from your device
  • Define how injection attacks can penetrate your Swift application
  • Recognize how to prevent session hijackings by utilizing proper session management
  • Apply secure techniques when handling requests


This course aims to teach you about common vulnerabilities affecting your Swift iOS applications. We’ll cover a variety of techniques for securing your application against these vulnerabilities. You’ll also learn to identify and write secure Swift code, differentiate between secure and insecure coding methods, and understand the various factors that come together to help you defend your Swift iOS applications from attacks.


iOS application developers

Time Required

Tailored learning - 40 minutes total

Course Outline

  1. Insecure Data Storage
    • About the vulnerabilities
    • Insecure data storage
    • Code: Uploading images or photos
    • Code: Uploading videos
    • Classify your data type
    • Best practices for encrypting data
    • Code: Encrypt using RNCryptor
    • Using iOS Keychain services for secure data storage
    • Best practices for using Keychain
    • Code: Using Keychains
  2. Network Communications
    • About the vulnerabilities
    • Newsflash: Google
    • Always encrypt
    • Encryption types
    • Code: Encrypt for HTTP and SSL-based
    • Certificate pinning
    • Code: Certificate pinning
    • Dealing with dodgy root CAs
  3. Data Leaks
    • About the vulnerabilities
    • Code: Disable autocorrect and keyboard extensions
    • Plaintext storage in memory
    • Information disclosure in iOS via system snapshots
    • Code: Hide sensitive fields
  4. Injection Attacks
    • About the vulnerabilities
    • Pass the buck to Safari
    • Encrypt all the things
    • Loading local content
    • Code: Loading local PDF in WebView
  5. Session Management
    • About the vulnerabilities
    • Ephemeral sessions
    • Code: Create an NSURLSession
    • Session invalidation
  6. Request Handling
    • About the vulnerabilities
    • Code: Authorization check on notifications
    • Code: Handling Siri intent
    • Best practices for using URL schemes or Universal Links

$143.00 (prices shown in USD)