O'Reilly logo

Learning iOS Penetration Testing by Swaroop Yermalkar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

SQL injection in iOS applications

Web app pentesters must be familiar with the SQL injection, where the user input is treated as arbitrary command due to the lack of input validation. The iOS applications using local storage are also vulnerable to injection attacks if the developers are not sanitizing/escaping user input. The danger here is that the attack is also possible on non-jailbroken devices and the local data can be corrupted, causing unpredictable behavior in the app when it is relying on this data.

We will use a vulnerable iGoat application to demonstrate this SQL injection attack on its local storage. The iGoat application's source code is available, so let's look into the code using Xcode. In other cases, when you just have binary, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required