O'Reilly logo

Professional Cocoa® Application Security by Graham J. Lee

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9. Writing Secure Application Code

WHAT'S IN THIS CHAPTER?

  • Potential security pitfalls in Objective-C

  • Common vulnerabilities in C language code

  • Techniques for finding bugs, including security issues

Even the best-designed application can be vulnerable if it is not coded defensively. This chapter will not give you an exhaustive list of issues to look out for; that's a topic that can (and does!) fill several books. You will find out about the more important problems, and why they can lead to vulnerabilities. You will also discover how to detect these problems before they get into the products your customers use.

SECURE OBJECTIVE-C CODING

The Objective-C language used in Cocoa development was designed at a company called Stepstone, at roughly the same time that AT&T was developing C++. Both Objective-C and C++ are extensions to the C language, adding object-oriented features, but the two languages take very different approaches. Where C++ relies on decisions made by the compiler to statically resolve classes and methods, Objective-C has a dynamic nature inspired by the Smalltalk language, and leaves those decisions until runtime.

Since Apple taking stewardship of the language by acquiring NeXT Software in 1997, Apple has added many new features and designed a new runtime library for use in 64-bit Mac applications and on the iPhone. The language itself has largely remained unchanged. There are some simple patterns to bear in mind when writing Objective-C code to avoid some security ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required