Chapter 16
Ensuring Application and Data Security
What's in this Chapter?
- Securing the iOS application sandbox
- Protecting data when in transit and at rest
- Identifying potential security “gotchas”
- Established industry best practices
- How to audit both in-house and commercial iOS applications
- Creating corporate standards for iOS application security
Now that you have a good understanding of how to develop applications for the iPad, it's important to understand how to secure your applications, including the data and functionality contained within them. Although iOS is a relatively new platform for most enterprise IT and security groups, it has matured quite a bit over the last several versions. As a result, there are many sophisticated techniques for significantly enhancing application-level security above and beyond any security applied at the device level. It is vital for those with development and security responsibilities to understand these concepts.
In this chapter, we'll discuss the sandbox security model and how to maximize security by embracing the sandbox concept, as opposed to relying solely on traditional device-level security ideas. We'll discuss how to implement authentication and authorization at the application level, communicate securely with back-end data sources, and establish formal processes for auditing your applications prior to deployment.
Understanding the Sandbox Security Model
There are two ways to think about mobile ...