If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.
This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.
- Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
- Learn how attackers infect apps with malware through code injection
- Discover how attackers defeat iOS keychain and data-protection encryption
- Use a debugger and custom code injection to manipulate the runtime Objective-C environment
- Prevent attackers from hijacking SSL sessions and stealing traffic
- Securely delete files and design your apps to prevent forensic data leakage
- Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Click here to buy from Amazon
Amazon Price: $51.00 $51.00 (as of October 27, 2016 10:41 –
This book gives intrinsic details of exploiting stack overflows in Windows applications. It walks the reader through various steps that are necessary for identifying stack overflow vulnerabilities in Windows applications. It also teaches how a reader should actually go about exploiting these vulnerabilities and bypass various Windows protections. Overall, this is a great tutorial for beginners as well as people who are inclined to understand the inner details of Windows protection mechanisms and bypass.
Fuzzing is often described as a “black box” software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.
Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
. Learn How Fuzzing Finds Vulnerabilities
Eliminate buffer overflows, format strings and other potential flaws
. Find Coverage of Available Fuzzing Tools
Complete coverage of open source and commercial tools and their uses
. Build Your Own Fuzzer
Automate the process of vulnerability research by building your own tools
. Understand How Fuzzing Works within the Development Process
Learn how fuzzing serves as a quality assurance tool for your own and third-party software
Click here to buy from Amazon
Amazon Price: $49.99 $39.80 You save: $10.19 (20%). (as of October 27, 2016 10:26 –
The upcoming IoT age will blur the line between our physical and online lives. Attacks targeting our online spaces will put our physical security at risk. Traditionally, the attack vectors to our fundamental luxuries have required physical tampering, mostly because access to the infrastructure has been limited from the Internet. This is about to change with the upcoming disruption caused by a future with billions of "things" connected to the Internet.
This book takes a fascinating look into abusing the most popular IoT-based devices already available in the market. You'll learn how a simple attack can cause a perpetual blackout targeting LED lightbulbs, how bad security decisions have grossly violated the physical safety and privacy of families, and how the insecurity of powerful electric vehicles can put your life at risk.