📂
JackyChen的精神時光屋
  • About
  • iPlayground
    • iPlayground 2020
      • iPlayground submit 2020
    • iPlayground 2019
      • Untitled
      • iPlayground submit 2019
  • WWDC
    • 2020 WWDC
    • 2019 WWDC
    • 2018 WWDC
      • What's New in Testing
      • BusinessChat
    • 2016 WWDC
      • What's New in the Apple Push Notification Service
  • AR/VR
    • ARKit plugin at Unity
    • ARKit
    • AR/VR 實習作品分享
    • Google Blocks
  • CI/CD
    • Continous Integretion for Unity
    • 拯救地球大作戰-自動化設定注意事項
    • Provisioning Profile 自動化更新
    • Make ipa file with personal team of code sign
    • Xcode11 版號問題
  • Test
    • Cucumberish
    • XCUITest
    • Design Patterns in XCUITest
    • Unit Test
  • User Interface
    • IBDesignable 和 IBInspectable
    • iOS 使用貝塞爾曲線繪製路徑
    • UIStatusBarStyle
    • iOS Devices Specification
    • Vector Image
    • Launch Screen
    • Haptic Feedback
    • Good Works for Storyboard
    • Cell 展開收合效果
    • ScrollView
    • Swift lazy
    • Lottie
  • Foundation
    • Adding a Custom Font to Your App
    • WKWebView how to work with javascript
    • Global Central Dispatch
    • HealthKit
    • Error Handling
    • Debug with LLDB
    • Application Lifecycle
    • Swift Codable
    • Push Notifications
    • AVFoudation
  • Others
    • C語言指標概念
    • UnsafePointer(Swift)
    • iOS News Reference
    • Blender
    • Free Web Server
    • Firebase
    • Firebase migration
    • GraphQL
    • Ruby
    • zsh command line
    • visudo
  • Security
    • 課程:App資安規劃與實作
    • KeyChain
    • iOS反組譯程序
    • Arxan
  • Git
    • Git
    • xcodeproj 合併衝突
    • Pull Request
  • Machine Learning
    • CoreML
    • Vision
    • Turi Create
  • 待分類
    • ABI Stability and More
    • Mirror
    • Carthage
    • SwiftUI
    • MVVM
    • OpenSSL
    • USDZ Convert
    • Nexus repository and gitlfs
Powered by GitBook
On this page
  • 資料安全
  • 網路安全
  • 程式碼安全

Was this helpful?

  1. Security

課程:App資安規劃與實作

PreviousvisudoNextKeyChain

Last updated 5 years ago

Was this helpful?

  • 課程網址

    NSExceptionAllowsInsecureHTTPLoads
NSIncludesSubdomains

資料安全

  • 使用 RNCryptor 或 Keychain 做檔案加密

網路安全

  • 使用 Trustkit 做 SSL Pining (OWASP推薦)

  • SSL Labs

    檢測網站憑證用,包含查看SSL pin
SSL pin = Base64(SHA256(Public Key))

  • Home

  • Hostname

  • Report

  • SSL Pin 1

  • SSL Pin 2

程式碼安全

  • Host domain 在程式碼中,應以密文形式存在

  • 加密的 Key 可用 Computed property 來做,比直接寫一個值好

// Not good
let key = "123456" 

// Not good, it will keep in memory when class initial
let key: String = 
{
  return "12"+String(30+4)+String(7*8)
}()

// Good
var key: String
{
  return "12"+String(30+4)+String(7*8)
}

  • 做動態記憶體偵測反制

    • 在AppDelegate,將 @UIApplicationMain 註解掉

    • 新增 main.swift

import Foundation
import UIKit

_ = autoreleasepool {
  UIApplicationMain(
    CommandLine.argc,
    UnsafeMutableRawPointer(CommandLine.unsafeArgv)
      .bindMemory(
        to: UnsafeMutablePointer<Int8>.self,
        capacity: Int(CommandLine.argc)),
    nil,
    NSStringFromClass(AppDelegate.self) //Or your class name
  )
}

  • 新增 DisableTrace.swift (停止 Debug mode)

    • 使用 macro,在 Release 模式時才反制

    • 使用 @inline(__always)