CHAPTER 5: Writing Secure iOS Applications

So far you have learned the various techniques that you can use to attack and exploit vulnerabilities within iOS applications. This chapter progresses from the offensive aspects of mobile app security to the ways in which you can secure an application. Understanding the defensive strategies that an application can employ is essential knowledge for any security professional or developer: it not only helps you offer remedial and preventative advice, but understanding the intricacies of defense can also help you become a better tester.

This chapter covers the ways in which you can protect the data in your application, not only at rest but also in transit. It also details how you can avoid some of the injection attacks that were detailed in Chapter 3, as well as how you can begin to build defenses into your application to slow down your adversary and hopefully make them consider softer targets.

Protecting Data in Your Application

In most mobile applications, the data is what is of most interest to an attacker. As such, it is important to consider how your data is received, processed, transmitted to other components and hosts, and ultimately destroyed. This section details how to protect data within your application and reduce the likelihood of it being intercepted or compromised by an attacker.

General Design Principles

Prior to implementation, considering how your desired functionality may impact the security of your application ...

Get The Mobile Application Hacker's Handbook now with the O’Reilly learning platform.