Professional Cocoa Application Security.
Başlık:
Professional Cocoa Application Security.
Yazar:
Lee, Graham J.
ISBN:
9780470911099
Yazar Ek Girişi:
Basım Bilgisi:
1st ed.
Fiziksel Tanımlama:
1 online resource (336 pages)
İçerik:
Professional Cocoa Application Security -- About the Author -- Contents -- Introduction -- Who Should Read This Book -- What Are We Trying to Secure, and from What? -- Ab out the Examples -- Conventions Used in This Book -- Source Code -- Errata -- p2p.wrox.com -- Chapter 1: Secure by Design -- About Cocoa Security -- Profiling Your Application's Security Risks -- Defining the Security Environment -- Defining Threats -- Defining and Mitigating Vulnerabilities -- Summary -- Chapter 2: Managing Multiple Users -- Caveat for iPhone Developers -- Why We Have Multiple Users -- User Groups -- Understanding Directory Services -- Accesing User Preferences and Managed Preferences -- Summary -- Chapter 3: Using the Filesystem Securely -- UNIX Permissions -- Filesystem Flags -- Access Control Lists -- File Vault and Other Encryption Options -- Network Filesystems -- Layout and Security of a Typical Mac OS X Filesystem -- Aliases and Bookmarks -- Quarantining Downloaded Files -- Securely Deleting Files -- Disk Arbitration -- Summary -- Chapter 4: Handling Multiple Processes -- Privilege Separation -- Designing Multiple-Process Systems -- Managing Process Lifecycles with Launchd -- How to Use Setuid and Setgid -- Communication betwen Processes -- Playing in the Sandbox -- Guaranteeing Code's Origin -- Summary -- Chapter 5: Storing Confidential Data in the Keychain -- What Is the Keychain? -- Why Should I Use the Keychain? -- How to Take Advantage of the Keychain -- Keychain on the iPhone -- Sumary -- Chapter 6: Performing Privileged Tasks -- How to Acquire Rights -- Getting a Right -- Fact ore d Applicati ons with Auth ori zati on Ser vices -- Identify the Privilege Boundaries -- Writing the Application -- The Helper Tool -- The Auth ori zati on Database -- What Are Rules? -- Creating Custom Rules.
Why Not to Launch Privileged Tasks with Authorization Services -- The Padlock -- Authorization Plug-Ins -- Summary -- Chapter 7: Auditing Important Operations -- Examples of Auditing -- Using Apple System Logger -- Basic Security Module -- Summary -- Chapter 8: Securing Network Connections -- Remote Authentication -- Privilege Boundaries in Networked Applications -- Does 'Bonjour' Mean It's Adieu to Network Security? -- Working with the Firewall -- Network Configuration with SystemConfiguration -- Taking Advantage of SSL -- Summary -- Chapter 9: Writing Secure Application Code -- Secure Objective-C Coding -- Secure C Coding -- Code Reviews and Other Bug-Finding Techniques -- Summary -- Chapter 10: Deploying Software Securely -- Writing Security Documentation -- Identify Yourself with Code Signing -- Giving Your Code to Your Users -- Rolling Your Own Installer -- Deploying Privileged Helpers without Installers -- Responding to Security Problems -- Summary -- Chapter 11: Kernel Extensions -- The Kernel Environment -- Filesystem Access Authorization with Kauth -- Summary -- Chapter 12: Conclusion and Further Reading -- Further Reading -- Index.
Özet:
Design, implement, and deploy secure applications All applications face security threats, making security considerations an integral part of every stage of the software development process. With this book, Cocoa and Cocoa Touch developers can ensure that their applications provide a secure user experience by incorporating security measures from the start when designing an application. Author and Mac security guru Graham Lee encourages you to acquire a clear understanding of the objectives of your users so that you can conclude which security techniques will be relevant to your application. He shows you how to take advantage of the many security resources available and provides helpful insight to avoiding security pitfalls and handling unexpected issues that may arise. Professional Cocoa Application Security: Details why security is important and provides rationale as to why you should secure your app Introduces the UNIX filesystem and examines the Mac OS X-specific filesystem security features Discusses the limitations of the keychain and encryption Reviews ways to look for, record, and fix security bugs in written code Describes the security impacts of different Mac OS X software deployment techniques Explains how to securely deliver software updates Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job. wrox.com Programmer Forums Join our Programmer to Programmer forums to ask and answer programming questions about this book, join discussions on the hottest topics in the industry, and connect with
fellow programmers from around the world. Code Downloads Take advantage of free code samples from this book, as well as code samples from hundreds of other books, all ready to use. Read More Find articles, ebooks, sample chapters, and tables of contents for hundreds of books, and more reference resources on programming topics that matter to you.
Notlar:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
Tür:
Elektronik Erişim:
Click to View