Pentesting guide in iOS apps

Apple, like most major tech companies, offers a scope bounty To report vulnerabilities and errors in your systems and applications. Whether organizations seek to improve the security of their developments through these programs or by contracting pentesting services, the truth is that identifying security weaknesses and flaws in the process of designing and developing applications or systems is an essential task and will remain so. Above all, because companies are increasingly aware of the importance of this process for business, which means minimizing the chances that users of these solutions will experience security incidents or have their privacy affected.

Access to information in these times allows individuals to gain knowledge in a scientific way or through courses and thousands of resources available on the web. With that in mind, I’ve decided to produce a series of articles that are a brief guide to pentesting in iOS apps that gather some key aspects when entering this universe.

1. iOS Security Engineering

First, I suggest starting with a review of the security architecture of iOS to understand the rules of the game, what are our limitations, challenges, and tools we will need to get started in this wonderful world.

2. Jailbreak for iOS apps

In the second article, we get into the topic of jailbreaking that focuses on pentesting in iOS. Here we explain what a jailbreak is, what types of jailbreaking there are, and how to jailbreak using Checkra1n and Uncover.

3. Methodological and practical foundations when performing pentesting in iOS

In the following article from iOS pentesting guide, we get into the theoretical and practical foundations for starting iOS app pentesting. In this sense, we will see topics such as environment and business scenario to understand how to install the applications to be analyzed, and what tests we should start running, among other topics.

4. Tools when analyzing security in iOS apps

To find out what tools and analysis techniques are needed when doing pentesting on iOS, we have prepared the following article, where we explain how to analyze network traffic, SSH tunnels, and other connections on a device, and share some debugger tools.

We will soon be expanding this guide with new articles.