Professional Cocoa Application Security,9780470525951

Professional Cocoa Application Security

by
ISBN13: 9780470525951
ISBN10: 0470525959
Format: Paperback
Pub. Date: 2010-06-08
Publisher(s): Wrox
List Price: $54.01

Rent Book

Select for Price
Add to Cart
There was a problem. Please try again later.

New Book

We're Sorry
Sold Out

Used Book

We're Sorry
Sold Out

eBook

We're Sorry
Not Available

Buy from our Marketplace starting at $4.74

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

The first comprehensive security resource for Mac and iPhone developersThe Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development. While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first comprehensive reference to Apple's application security frameworks and features Shows developers how to consider security throughout the lifecycle of a Cocoa application, including how Mac and iPhone security features work and how to leverage them Describes how to design, implement, and deploy secure Mac and iPhone software, covering how user configurations affect application security, the keychain feature, how to maximize filesystem security, how to write secure code, and much moreProfessional Cocoa Application Security arms Apple developers with essential information to help them create Mac and iPhone applications as secure as the operating system they run on.

Author Biography

Graham J. Lee is an independent security contractor, focusing on Mac and iPhone applications. He is a regular speaker on Mac security, and writes the security column for the Mac Developer Network.

Table of Contents

Introduction.

Chapter 1: Secure by Design.

About Cocoa Security.

Profiling Your Application's Security Risks.

Defining the Security Environment.

Defining Threats.

Defining and Mitigating Vulnerabilities.

Summary.

Chapter 2: Managing Multiple Users.

Caveat for iPhone Developers.

Why We Have Multiple Users.

User Groups.

Understanding Directory Services.

Accessing User Preferences and Managed Preferences.

Summary.

Chapter 3: Using the Filesystem Securely.

UNIX Permissions.

Filesystem Flags.

Access Control Lists.

FileVault and Other Encryption Options.

Network Filesystems.

Layout and Security of a Typical Mac OS X Filesystem.

Aliases and Bookmarks.

Quarantining Downloaded Files.

Securely Deleting Files.

Disk Arbitration.

Summary.

Chapter 4: Handling Multiple Processes.

Privilege Separation.

Designing Multiple-Process Systems.

Managing Process Lifecycles with Launchd.

How to Use Setuid and Setgid.

Communication between Processes.

Playing in the Sandbox.

Guaranteeing Code's Origin.

Summary.

Chapter 5: Storing Confidential Data in the Keychain.

What Is the Keychain?

Why Should I Use the Keychain?

How to Take Advantage of the Keychain.

Keychain on the iPhone.

Summary.

Performing Chapter 6: Privileged Tasks.

How to Acquire Rights.

Factored Applications with Authorization Services.

The Authorization Database.

Why Not to Launch Privileged Tasks with Authorization Services.

The Padlock.

Authorization Plug-Ins.

Summary.

Chapter 7: Auditing Im portant Operations.

Examples of Auditing.

Using Apple System Logger.

Basic Security Module.

Summary.

Chapter 8: Securing Network Connections.

Remote Authentication.

Privilege Boundaries in Networked Applications.

Does 'Bonjour' Mean It's Adieu to Network Security?

Working with the Firewall.

Network Configuration with SystemConfiguration.

Taking Advantage of SSL.

Summary.

Chapter 9: Writing Secure Application Code.

Secure Objective-C Coding.

Secure C Coding.

Code Reviews and Other Bug-Finding Techniques.

Summary.

Deploying Chapter 10: Software Securely.

Writing Security Documentation.

Identify Yourself with Code Signing.

Giving Your Code to Your Users.

Rolling Your Own Installer.

Deploying Privileged Helpers without Installers.

Responding to Security Problems.

Summary.

Chapter 11: Kernel Extensions.

The Kernel Environment.

Filesystem Access Authorization with Kauth.

Summary.

Chapter 12: Conclusion and Further Reading.

Further Reading.

Index.

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.