
Professional Cocoa® Application Security by Graham J. Lee

Chapter 10. Deploying Software Securely

WHAT'S IN THIS CHAPTER?

  • How to explain security requirements

  • Proving that your application came from you

  • Packaging your application

  • Handling security issues in the field

A comprehensive threat model helps you identify the risks to which your customers are exposed. By designing your application with those risks in mind, you can act to mitigate them, but only once your customers have the application and are able to use it. Software must be installed, deployed, and used appropriately for the threat model to remain valid and the security countermeasures to be effective.

WRITING SECURITY DOCUMENTATION

In creating your threat model you may have found some risks that cannot be mitigated in code — the connection to a remote service is at risk if the user sets a poor password, and the password is chosen outside your app. The risk cannot be ignored, and yet because the application cannot take care of the problem automatically, the user's attention must be drawn to it. Manuals are notorious for not being read (nor even downloaded, in these post-boxed-software days), so the user guide may not be the most appropriate place to record security requirements. Many users expect to download and launch an application, then discover how to use it while they begin working with the app. The only text they ever see might be on your product marketing page or the iTunes app store.

Note

As always, knowing your customers could change your perception. In enterprise environments, ...
