Category Archives: iPhone
On SSL Pinning for Cocoa [Touch]
Moxie Marlinspike, recently-acquired security boffin at Twitter, blogged about SSL pinning. The summary is that relying on the CA trust model to validate SSL certificates introduces some risk into using an app – there are hundreds of trusted roots in …
Posted in code-level, iPad, iPhone, ssl
6 Comments
TDD/unit testing video training for iOS developers
I recently recorded a series of videos on unit testing and test-driven development for iOS developers with Scotty of iDeveloper.tv. The videos and associated source code are now available for purchase and download.
Posted in code-level, iDeveloper.TV, iPad, iPhone, software-engineering, Talk, TDD, tool-support
A Cupertino Yankee in the Court of King Ballmer
This post summarises my opinions of Windows Phone 7 from the Microsoft Tech Day I went to yesterday. There’s a new version of Windows Phone 7 (codenamed Mango) due out in the Autumn, but at the Tech Day the descriptions …
Posted in Business, iPad, iPhone, Mac, tool-support, WebObjects, WinPhone
1 Comment
On the top 5 iOS appsec issues
Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure …
Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability
2 Comments
On platform-specific strategies
I’m writing some library code at the moment that needs to work on both Mac OS X and iOS. The APIs I need to use on each platform are different, so I need different code on each platform. I also …
Posted in code-level, iPad, iPhone, Mac, software-engineering
2 Comments
Storing and testing credentials: Cocoa Touch Edition
This article introduces the concept of key stretching, using code examples to explain the ideas. For code you can use in an app that more closely resembles current practice, see Password checking with CommonCrypto. There’s been quite the media circus …
Posted in Authentication, code-level, Crypto, iPad, iPhone, Mac, password, PCAS
7 Comments
What happens when you jailbreak an iPad
Having played around with an iPad running a jailbreak OS yesterday, I thought it would be useful to explain one possible attack that doesn’t seem to get much coverage. As I’ve discussed in numerous talks, the data protection feature of …
Posted in Encryption, iPad, iPhone, ssh
2 Comments
On NSInvocation
I was going to get down to doing some writing, but then I got some new kit I needed to set up, so that isn’t going to happen. Besides which, I was talking to one developer about NSInvocation and writing …
Posted in Foundation, iPad, iPhone, Mac, software-engineering
On Fuzzy Aliens
I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. …
Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel
An example of unit testing working for me
Some specific feedback I was given regarding my unit testing talk at VTM: iPhone fall conference was that the talk was short on real-world application of unit testing. That statement is definitely true, and it’s unfortunate that I didn’t meet …
Posted in code-level, iPad, iPhone, Mac, software-engineering, TDD, tool-support, VTM
1 Comment