O'Reilly logo

Professional Cocoa® Application Security by Graham J. Lee

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 12. Conclusion and Further Reading

WHAT'S IN THIS CHAPTER?

  • Where to go now

  • Bibliography and other reading material

You have now seen one approach to reasoning about security and how to model the threats faced by your users. You've also had a tour through the operating system features that Apple provides to implement the security controls or countermeasures required by your Mac or iPhone application. You've seen how to avoid introducing vulnerabilities in the way you use the Objective-C language, and how to get your secure application into the hands of your customers. We've covered a lot of ground, but not all of it will be relevant to your application. Use those parts that directly relate to the use cases in your app, and leave the rest for future reference.

The one aspect of Cocoa application security that is relevant to every single application on the platform — including those you have not yet shipped — is the threat model. You cannot apply appropriate security countermeasures if you have not considered the goals and concerns of your users, or the motivations and techniques that attackers will employ. The threat modeling process described in Chapter 1 is just one possible technique. Its principal benefit is that it's a methodical approach based on industry practice: the references given in "Further Reading" offer a wealth of information about similar techniques. I have found that this process has worked for me on a number of projects, but if you decide it's not for you, don't ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required