Securing Against Threats, Securing for Enterprise, and Jailbreaking Devices

This course is included in our On-demand training solution.


Each iOS application runs in a separate virtual machine, or sandbox, and applications may also be subjected to dynamic analysis, or fuzzing, whereby illegal input is intentionally applied to an application so as to test for security issues. Return-oriented programming may also be used in attempts to reveal certain application vulnerabilities, and devices may be jailbroken so as to make them more open to developers who can then better evaluate system security. In this course, you will learn about sandboxes and how to initialize them, how to secure iOS applications and devices for enterprise, how to design and administer fuzz tests on iOS applications, how to defend applications against exploits, how to use return-oriented programming to reveal application vulnerabilities, and how to install and use jailbreaking tools on iOS devices.

Target Audience

Application developers at the beginner and intermediate levels seeking to create and deploy secure iOS applications



Expected Duration

90 min.

Course Objectives

Course Introduction

Overview of iOS Sandbox

  • identify iOS Sandbox components and describe how they are related

Understanding Sandboxing and Runtime Security

  • describe how runtime process security makes use of sandboxing to protect applications and their data on iOS 8 devices

Understanding Sandboxing with Extensions

  • describe how extensions are sandboxed to protect their files and memory space in iOS

Understanding How Sandboxing Impacts the App Store

  • describe how applications are launched under a sandbox and how applications are restricted to their own container directories in the App Store

Working with Mobile Configuration Profiles

  • identify the contents of a configuration profile and how to identify configuration profile payload types

Working with the Apple Configurator

  • describe the general functionality of the Apple Configurator

Creating a Configuration Profile

  • use Apple Configurator to create a new configuration profile

Updating and Removing Configuration Profiles

  • use Apple Configurator to update and remove configuration profiles

Setting Up the OS X Server Profile Manager

  • configure and run the Profile Manager service

Enrolling Devices using Profile Manager Web Portal

  • enroll a user device with the OS X Server mobile device management service using the user’s Profile Manager web portal

Enrolling Devices by Downloading Enrollment Profiles

  • enroll a user device with the OS X Server mobile device management service by downloading and installing an enrollment profile

Overview of Fuzzing iOS Applications

  • describe the basic idea behind fuzzing and how it is used to reveal security issues in iOS applications

Carrying Out a Fuzz Test

  • describe steps for carrying out a fuzz test

Fuzzing the Safari Browser

  • carry out a fuzz test on Safari web browser for Mac OS X Yosemite

Exploiting Bug Classes

  • describe how to exploit use-after-free and double free bugs

Understanding the iOS System Allocator

  • describe the concept of regions and how regions are allocated and deallocated

Understanding TCMalloc

  • describe TCMalloc allocator as well as large and small object allocation and deallocation

Overview of Return-Oriented Programming

  • describe background on ROP and basics in ARM architecture

Understanding the ARM Systems Call Convention

  • describe how system calls are invoked on ARM

Understanding the iOS ARM Calling Convention

  • describe the ARM calling convention on iOS

  • Exercise: Working with Profiles