iOS Development - Tips & Tricks

Jul 18, 2014Download as PPTX, PDF0 likes357 views

This document summarizes an iOS development tips and tricks presentation. It discusses why iOS development is challenging due to hardware limitations and usability requirements. It also covers iOS security best practices, including encrypting local storage, using SSL for server communication, and checking for debuggers to prevent runtime manipulation. The presentation provides code examples for implementing these security techniques.

iOS Development - Tips & Tricks
iOS Development - Tips & Tricks
Software Development Lead - iOS
Galin Kardzhilov
Software Development Manager - iOS
Stefan Tsvyatkov

iOS Development - Tips & Tricks
Agenda
Why iOS
Some challenges
iOS Security

iOS Development - Tips & Tricks
About Me
Started with

iOS Development - Tips & Tricks
About Me

iOS Development - Tips & Tricks
Why iOS?
-(NSString *)generateReasonsWhyiOS {
NSMutableString *reasons = [[NSMutableString alloc] init];
[reasons appendString:@"It's new"];
[reasons appendString:@"It's challenging"];
[reasons appendString:@"It compiles to native"];
[reasons appendString:@"You have to deal with hardware limitations"];
[reasons appendString:@"You have to provide responsiveness"];
[reasons appendString:@"You have to provide usability"];
[reasons appendString:@"You have to provide security"];
[reasons appendString:@"0ften craftsmanship is required"];
[reasons appendString:@"Your code runs into people's pockets"];
return reasons;
}

iOS Development - Tips & Tricks
Table view
Background image
Custom drawn cells
… flipped

iOS Development - Tips & Tricks
Scroll View
Custom View

iOS Development - Tips & Tricks
Security in iOS
Local Storage
Communication with the server
Binary analysis and manipulation

iOS Development - Tips & Tricks
Local Storage Security
NSUserDefaults
Convenient
Not encrypted by
default
Keeps the data in a
plist file
CoreData
Not encrypted by
default
Keeps the data in
sqlite db

iOS Development - Tips & Tricks
Local Storage Security
Keychain Access
Encrypted by default
A bit more complex for use
Insecure on jailbroken devices
Data encryption
Crypto API
Obfuscate the encryption key
Use unique device information
String constant
[[UIDevice
currentDevice]
identifierForVendor]
Custom
algorithm
Secure encryption key

iOS Development - Tips & Tricks
Server Communication Security
Use SSL
Don’t accept self-signed certificates
Client and server side data validation

$iOS Development - Tips & Tricks Runtime Manipulation #import "AppDelegate.h" #import "ptrace.h" int main(int argc, char * argv[]) { #ifndef DEBUG ptrace(PT_DENY_ATTACH, 0, 0, 0); #endif @autoreleasepool { return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); } } ptrace Deny a debugger to attach Can be patched from binary Put it in multiple places$

iOS Development - Tips & Tricks
SEC_IS_BEING_DEBUGGED_RETURN_NIL
()
Check if a debugger is attached
Hard to be patched from binary
Make the check regularly and in critical parts
Doesn’t work against Cycript
Runtime Manipulation
#ifndef DEBUG
SEC_IS_BEING_DEBUGGED_RETURN_NIL();
#endif

iOS Development - Tips & Tricks
Conclusion
Keychain Access for storing
SSL for transporting
Check for debuggers
100% security does not exist

iOS Development - Tips & Tricks
Thank you!
Galin Kardzhilov @gravera
Stefan Tsvyatkov @stsvyatkov

This document discusses tips and tricks for iOS development. It begins with an introduction to the presenters and why iOS development is challenging and interesting. It then discusses specific iOS development topics like table views, scroll views, custom views, and security considerations for local storage, server communication, and preventing runtime manipulation. Security recommendations include using Keychain for storage, SSL for network communication, checking for debuggers, and realizing 100% security is not possible. The document provides code examples and encourages further learning through referenced videos.

Streamline CI/CD with Just-in-Time AccessAkeyless

Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Akeyless

This document discusses using SSH certificates as an alternative to SSH keys for secrets management and remote access. It notes that SSH keys require ongoing management as team members join and leave. SSH certificates were introduced over 10 years ago and provide auditability, expiration to remove standing permissions, and avoid issues with lost or stolen keys. However, SSH certificates require some PKI knowledge and infrastructure setup. The document provides steps to set up a basic certificate authority and configure a server to use SSH certificates for login.

Moby and kubernetes entitlementsMoby Project

The document proposes a new system called "entitlements" for defining high-level permissions and security profiles for containers. It aims to provide a better user experience than the current options like --cap-add and --privileged, by defining standardized permission profiles like "network.admin" that are attached securely to container images. The proposal outlines examples of how entitlement profiles would configure security settings and capabilities. It discusses next steps to implement entitlements in Moby and Kubernetes and opportunities for the community to provide feedback and contribute.

Storage Visibility for Operations - A Ceph StoryDebojyoti Dutta

Building Automated Infrastructure Policy and Trust SystemsAndres Vega

Wordpress Security TipsLalit Nama

No, wait, not that way! - Real-world lessons from an OBIA 11g implementationjpiwowar

This presentation provided real-world lessons from implementing Oracle Business Intelligence Application 11g (OBIA 11g). Key points included knowing the certified configurations and limitations of the different OBIA components and their versions. It emphasized the importance of scripting the installation and configuration, using the database for workload segregation, and automating maintenance tasks. Other tips included tweaking default session settings, leveraging various Oracle wallets, and the importance of instrumentation and testing throughout the implementation. The overall message was to prepare thoroughly, automate where possible, and maintain an excellent collaborative environment across the technical teams.

10 good reasons to invest your time in FPJoel Corrêa

This document outlines 10 reasons to invest time in functional programming (FP): 1. To learn FP concepts like parallel collections, higher order functions, and immutability. 2. FP utilizes parallel collections that allow operations like mapping, reducing, and filtering collections concurrently. 3. FP focuses programmers on the essence of algorithms through immutable values and avoidance of side effects.

Simple past tenseNur Ashikin Mohd Sa'ay

The poem describes an unwanted kiss from the narrator's aunt. In the first stanza, the aunt squeezes the narrator's face between her bony hands like a concertina. In the second stanza, the aunt puckers her lips into a "wet doughnut" and says "come here" repeatedly as she moves in to kiss the narrator, who cannot escape. In the third stanza, the narrator sees the aunt's lips moving in slowly like an "unstoppable doughnut" through the air, dreading that the incoming "killer kiss" will be a "wet one."

PRESENTATION??????? ?????????????

This document discusses the results of a study analyzing 53 different factors that could potentially impact employee satisfaction and retention. The top six factors identified were: competitive pay, opportunities for growth and development, positive work environment, good benefits, work-life balance policies, and quality health insurance benefits. Addressing these six areas may help organizations improve how long employees decide to stay.

Do lidar bulletin_2070Sam Ranjit

Humrich shane ignite_slideshowShane Humrich

The document is a collection of Flickr photos with captions that relate to improving student behavior and academic performance. The photos promote identifying real-world preparation, providing feedback to students, and helping students learn to cope with challenges and organize themselves. They suggest working with students can make a positive difference and that change is needed to continue progress.

Evolucion de la empresa en colombia (1)Ruben Castellanos Sanchez

Este documento resume la historia del dise?o industrial y de objetos en Colombia desde 1900 hasta 1999. Destaca hitos como la creación de la primera escuela de artes decorativas industriales en 1904, el desarrollo de la industria de muebles y objetos desde las décadas de 1950 y 1960, y el establecimiento de los primeros programas universitarios de dise?o industrial en las décadas de 1970 y 1980. Asimismo, resalta el papel de dise?adores pioneros como Jaime Gutiérrez Lega y empresas que impulsaron la innovación de productos como Manufact

Lift web frameworkJoel Corrêa

Ooad presentationJoel Corrêa

The document discusses principles of object-oriented analysis and design for creating great software. It emphasizes gathering customer requirements, designing for flexibility and resilience to change. Key principles discussed include the open-closed principle, single responsibility principle, and DRY principle to avoid duplicate code. The document stresses defensive programming and programming by contract to ensure the software handles problems safely.

Social class dialectsNur Ashikin Mohd Sa'ay

This document discusses how social class influences language patterns and speech variables. Higher social classes tend to use more standard and formal grammar forms, while lower social classes may use variants like H-dropping, replacing "ing" with "in", different pronunciations of "r", and L-deletion. Social class can create sharp stratification in language, with the middle and lower classes distinguished by their use of grammar forms like singular vs. plural verbs. Negative concord, using multiple negative forms, is also characteristic of some vernacular dialects associated with lower social classes.

Book review To Kill A MockingbirdNur Ashikin Mohd Sa'ay

This 3-page book review summarizes the novel To Kill a Mockingbird by Harper Lee. It provides details on the author, publisher, year of publication, number of pages. It then gives a synopsis of the plot, which follows siblings Jem and Scout Finch and their lawyer father Atticus who defends a black man falsely accused of rape in 1930s Alabama. The review discusses the themes of prejudice, courage, and compassion explored in the novel. It also summarizes some of the main characters like Atticus, Scout, Jem, Boo Radley, Tom Robinson, and Mayella Ewell. Finally, it outlines issues presented in the novel like discrimination, loss of innocence, and the importance of honor

Real world Python+djangoJoel Corrêa

Concurrent paradigms - Paralelism approachesJoel Corrêa

The document discusses different concurrent programming paradigms including single and multi-threaded applications, race conditions that can occur with shared memory between threads, using locks to prevent race conditions, the actor model which uses mailboxes and private state, and fork/join parallelism which breaks an application into parts processed concurrently and joined. It provides references for further reading on concurrency topics.

The pragmatic programmerJoel Corrêa

The document discusses the characteristics of a pragmatic programmer, which include being an easy adapter, inquisitive critical thinker, realistic, and familiar with various technologies. It emphasizes communication, taking responsibility, avoiding broken windows, estimating to avoid surprises, refactoring when needed, and thorough testing. The pragmatic approach involves unambiguous representations, reversibility, programming close to the problem domain, and following the Law of Demeter.

Zippers presentationJoel Corrêa

A zipper is a functional cursor that allows traversal and focus within a data structure. It generalizes the gap buffer technique and can be adapted to recursively defined structures like lists and trees. The zipper contains the current subtree/subset, the current element/cursor, and allows constant-time access to the parent. It enables efficient focus-based changes, insertions and deletions in an immutable fashion using laziness.

LXC outlineJoel Corrêa

LXC allows for isolated environments called containers within a single Linux host using cgroups and namespaces. It provides a user-space interface and tools to easily create and manage these containers, which provide isolation of CPU, memory, block I/O and networking resources. LXC has been in development since 2009 and became production ready with version 1.0.0 in 2014, utilizing kernel features introduced in version 2.6.32. It includes commands like LXC-CREATE to build containers and LXC-INFO to view container information.

GraphQLJoel Corrêa

Task based language teachingNur Ashikin Mohd Sa'ay

Task-based language teaching (TBLT) focuses classroom activities around tasks that require students to use language for a specific purpose. It emphasizes using language communicatively to complete tasks that simulate real-world activities. There are two types of tasks: target tasks that simulate language use outside the classroom, and pedagogical tasks used in classroom activities and exercises to prepare students for target tasks. TBLT aims to move students beyond abstract language learning to applying language in authentic contexts. While it can make classes more engaging, some argue it may lack guidance on language forms and not promote accuracy.

The grammar translation methodNur Ashikin Mohd Sa'ay

This document describes the grammar translation method of teaching foreign languages. It was commonly used in the late 19th and early 20th centuries for teaching Latin and Greek. Key characteristics include using the student's native language for instruction, memorizing isolated vocabulary words, focusing on grammar rules and their application in translation exercises, reading difficult classical texts, and giving little attention to pronunciation. While it helped with mental discipline, it lacked oral practice and creativity in the classroom.

Building security into the pipelinesVandana Verma

Vandana Verma is a cybersecurity expert who specializes in DevSecOps. She serves on the OWASP Global Board of Directors as Vice-Chair and is a member of several security review boards. Her work focuses on diversity initiatives in information security. She advocates for integrating security practices throughout the entire software development lifecycle from coding to deployment. This includes having developers take ownership of security and empowering them with tools and processes to build more secure applications within their existing workflows.

Capture, record, clip, embed and play, search: video from newbie to ninjaVito Flavio Lorusso

This document provides an overview of building a video streaming solution using Azure Media Services. It discusses the key components involved including: 1. Creating Media Services and Storage accounts 2. Uploading videos as assets and encoding them 3. Generating thumbnails, subtitles and adaptive bitrate manifests 4. Creating a streaming endpoint and getting streaming URLs 5. Integrating with a web app using the Azure Media Player The document also briefly covers integrating with Azure Search to enable video search functionality on the web app. It provides code samples for common tasks like uploading, encoding, and playing videos using Media Services and searching using Azure Search.

OpenStack keystone identity serviceopenstackindia

OpenStack Identity (Keystone) provides central user authentication across OpenStack services. It maps users to the services they are authorized to access. Keystone acts as a common authentication system that can integrate with existing LDAP directories. The document discusses configuring Keystone, including installing prerequisites like MySQL, creating the Keystone database, and running scripts to initialize tenants, users, and endpoints. It also provides examples of sourcing credentials and using the Keystone client.

FI MUNI 2012 - iOS BasicsPetr Dvorak

The document provides an overview of iOS development basics including the iOS ecosystem, development tools like Xcode and Instruments, Objective-C language syntax, UI elements, memory management, and connecting to network resources. It covers setting up an iOS developer account, provisioning profiles, and submitting apps to the App Store. Key classes for networking like NSURL, NSURLRequest, and NSURLConnection are introduced along with using delegates and data sources. Parsing JSON and XML is also briefly discussed.

More Related Content

Viewers also liked (18)

10 good reasons to invest your time in FPJoel Corrêa

Simple past tenseNur Ashikin Mohd Sa'ay

PRESENTATION??????? ?????????????

Do lidar bulletin_2070Sam Ranjit

Humrich shane ignite_slideshowShane Humrich

Evolucion de la empresa en colombia (1)Ruben Castellanos Sanchez

Lift web frameworkJoel Corrêa

Ooad presentationJoel Corrêa

Social class dialectsNur Ashikin Mohd Sa'ay

Book review To Kill A MockingbirdNur Ashikin Mohd Sa'ay

Real world Python+djangoJoel Corrêa

Concurrent paradigms - Paralelism approachesJoel Corrêa

The pragmatic programmerJoel Corrêa

Zippers presentationJoel Corrêa

LXC outlineJoel Corrêa

GraphQLJoel Corrêa

Task based language teachingNur Ashikin Mohd Sa'ay

The grammar translation methodNur Ashikin Mohd Sa'ay

10 good reasons to invest your time in FPJoel Corrêa

Simple past tenseNur Ashikin Mohd Sa'ay

PRESENTATION??????? ?????????????

Do lidar bulletin_2070Sam Ranjit

Humrich shane ignite_slideshowShane Humrich

Evolucion de la empresa en colombia (1)Ruben Castellanos Sanchez

Lift web frameworkJoel Corrêa

Ooad presentationJoel Corrêa

Social class dialectsNur Ashikin Mohd Sa'ay

Book review To Kill A MockingbirdNur Ashikin Mohd Sa'ay

Real world Python+djangoJoel Corrêa

Concurrent paradigms - Paralelism approachesJoel Corrêa

The pragmatic programmerJoel Corrêa

Zippers presentationJoel Corrêa

LXC outlineJoel Corrêa

GraphQLJoel Corrêa

Task based language teachingNur Ashikin Mohd Sa'ay

The grammar translation methodNur Ashikin Mohd Sa'ay

Similar to iOS Development - Tips & Tricks (20)

Building security into the pipelinesVandana Verma

Capture, record, clip, embed and play, search: video from newbie to ninjaVito Flavio Lorusso

OpenStack keystone identity serviceopenstackindia

FI MUNI 2012 - iOS BasicsPetr Dvorak

Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy

Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services

Infrastructure-as-Code (IaC) has emerged as an essential element of organizational DevOps practices. Tools such as AWS CloudFormation and Terraform allow software-defined infrastructure to be deployed quickly and repeatably to AWS. But the agility of CI/CD pipelines also creates new challenges in infrastructure security hardening. How do you ensure that your CloudFormation templates meet your organization's security, compliance, and governance needs before you deploy them? How do you deploy infrastructure securely to production environments, and monitor the security posture on a continuous basis? And how do you do this repeatedly without hitting a speed bump? This session provides a foundation for how to bring proven software hardening practices into the world of infrastructure deployment. We discuss how to build security and compliance tests for infrastructure analogous to unit tests for application code, and showcase how security, compliance and governance testing fit in a modern CI/CD pipeline. Session Sponsored by: Dome9

Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowAWSCOMSUM

Secure Coding For Java - Une introductionSebastien Gioria

The document provides an introduction to secure coding in Java. It discusses the Open Web Application Security Project (OWASP) and its mission to improve software security. It then covers 10 simple principles for writing secure code, such as input validation, output encoding, and parameterized queries. Examples of SQL injection and LDAP injection vulnerabilities are shown, along with ways to avoid them through parameterization and input sanitization. The importance of using security mechanisms from trusted libraries rather than reimplementing them is also stressed.

Rsockets ofa12trustitrusti

Rsockets provides a socket-like API for RDMA networking. It aims to allow applications to use familiar socket programming concepts while achieving high performance comparable to native RDMA. Rsockets allows existing socket applications to run over RDMA with minimal changes by intercepting socket calls and mapping them to rsocket functions. Initial benchmarks show rsockets achieving lower latency and higher bandwidth than IPoIB and competing with native InfiniBand performance. It also allows several MPI and HPC applications to run with only linking to an interception library.

DevSecOps: Let's Write Security Unit TestsPuma Security, LLC

Moving applications to the cloudSergejus Barinovas

Alexey Sintsov- SDLC - try me to implementDefconRussia

This document discusses implementing security best practices within an agile software development lifecycle (SDLC). It recommends that security requirements and testing be integrated into each sprint or iteration. The security team would provide requirements, guides, tools, and training to development teams. They would conduct a final security review before software releases. DevOps practices could help automate security processes and configuration of cloud platforms. The overall approach is to distribute security responsibilities to development teams with support from the centralized security team.

Zeronights 2016 - Automating iOS blackbox security scanningSynack

The document discusses several tools for testing iOS applications, including ChaoticMarch, Machshark, and Objc_trace. ChaoticMarch is described as a tool for simulating user interactions and automating testing of an iOS app. It allows writing Lua scripts to interact with the UI and regulate test execution speed. Machshark is a tool for analyzing Mach IPC messages and Objc_trace allows tracing Objective-C method calls. The document also provides examples of Lua scripts for ChaoticMarch that find and interact with UI elements to automate tasks like filling fields and logging in.

ZeroNights: Automating iOS blackbox security scanningMikhail Sosonkin

The document discusses several tools for testing iOS applications, including ChaoticMarch, Machshark, and Objc_trace. ChaoticMarch is described as a tool for simulating user interactions and automating testing of an iOS app. It allows writing Lua scripts to interact with the UI and regulate test execution speed. Machshark is a tool for analyzing Mach IPC messages and Objc_trace is used to trace Objective-C method calls. Code snippets are provided showing examples of how to use ChaoticMarch to automate tapping buttons and entering text, as well as how Machshark and Objc_trace work.

PowerShell: A Language for the Internet of Things #ATLPUGTaylor Riggan

DEVNET-2002 Coding 201: Coding Skills 201: Going Further with REST and Python...Cisco DevNet

Big security for big dataAri Elias-Bachrach

7.1. SDLC try me to implenmentdefconmoscow

This document discusses implementing security practices throughout the software development lifecycle (SDLC) using an agile framework. It recommends that security teams provide requirements, guides, and tools to development teams and integrate security tasks into each sprint. It also advocates for maximum automation of security processes through DevOps practices like standardized secure cloud platforms. The document argues that SDLC is not a strict standard but a set of practices that can be tailored to each environment through shared security responsibilities between security and development teams.

Athens IoT meetup #7 - Create the Internet of your Things - Laurent Ellerbach...Athens IoT Meetup

Magento Application Security [EN]Anna V?lkl

This document discusses Magento application security. It covers securing logins and passwords, protecting the admin backend, installing SSL, following the software development life cycle, addressing common web application security flaws like injection and broken authentication, implementing secure coding principles such as input validation and access control, and applying security patches. The importance of ongoing security testing, monitoring, and updating is emphasized.

Building security into the pipelinesVandana Verma

Capture, record, clip, embed and play, search: video from newbie to ninjaVito Flavio Lorusso

OpenStack keystone identity serviceopenstackindia

FI MUNI 2012 - iOS BasicsPetr Dvorak

Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy

Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services

Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowAWSCOMSUM

Secure Coding For Java - Une introductionSebastien Gioria

Rsockets ofa12trustitrusti

DevSecOps: Let's Write Security Unit TestsPuma Security, LLC

Moving applications to the cloudSergejus Barinovas

Alexey Sintsov- SDLC - try me to implementDefconRussia

Zeronights 2016 - Automating iOS blackbox security scanningSynack

ZeroNights: Automating iOS blackbox security scanningMikhail Sosonkin

PowerShell: A Language for the Internet of Things #ATLPUGTaylor Riggan

DEVNET-2002 Coding 201: Coding Skills 201: Going Further with REST and Python...Cisco DevNet

Big security for big dataAri Elias-Bachrach

7.1. SDLC try me to implenmentdefconmoscow

Athens IoT meetup #7 - Create the Internet of your Things - Laurent Ellerbach...Athens IoT Meetup

Magento Application Security [EN]Anna V?lkl

Recently uploaded (20)

World Information Architecture Day 2025 - UX at a CrossroadsJoshua Randall

User Experience stands at a crossroads: will we live up to our potential to design a better world? or will we be co-opted by “product management” or another business buzzword? Looking backwards, this talk will show how UX has repeatedly failed to create a better world, drawing on industry data from Nielsen Norman Group, Baymard, MeasuringU, WebAIM, and others. Looking forwards, this talk will argue that UX must resist hype, say no more often and collaborate less often (you read that right), and become a true profession — in order to be able to design a better world.

Gojek Clone Multi-Service Super App.pptxV3cube

Computational Photography: How Technology is Changing Way We Capture the WorldHusseinMalikMammadli

? Computational Photography (Computer Vision/Image): How Technology is Changing the Way We Capture the World He? dü?ünmüsünüzmü, müasir smartfonlar v? kameralar nec? bu q?d?r g?z?l g?rüntül?r yarad?r? Bunun sirri Computational Fotoqrafiyas?nda(Computer Vision/Imaging) gizlidir—??kill?ri ??km? v? emal etm? üsulumuzu t?kmill??dir?n, kompüter elmi il? fotoqrafiyan?n inqilabi birl??m?si.

What Makes "Deep Research"? A Dive into AI AgentsZilliz

About this webinar: Unless you live under a rock, you will have heard about OpenAI’s release of Deep Research on Feb 2, 2025. This new product promises to revolutionize how we answer questions requiring the synthesis of large amounts of diverse information. But how does this technology work, and why is Deep Research a noticeable improvement over previous attempts? In this webinar, we will examine the concepts underpinning modern agents using our basic clone, Deep Searcher, as an example. Topics covered: Tool use Structured output Reflection Reasoning models Planning Types of agentic memory

DAO UTokyo 2025 DLT mass adoption case studies IBM Tsuyoshi Hirayama (平山毅)Tsuyoshi Hirayama

Build with AI on Google Cloud Session #4Margaret Maynard-Reid

FinTech - US Annual Funding Report - 2024.pptxTracxn

L01 Introduction to Nanoindentation - What is hardnessRostislavDaniel

Future-Proof Your Career with AI OptionsDianaGray10

Learn about the difference between automation, AI and agentic and ways you can harness these to further your career. In this session you will learn: Introduction to automation, AI, agentic Trends in the marketplace Take advantage of UiPath training and certification In demand skills needed to strategically position yourself to stay ahead ? If you have any questions or feedback, please refer to the "Women in Automation 2025" dedicated Forum thread. You can find there extra details and updates.

Q4_TLE-7-Lesson-6-Week-6.pptx 4th quarterMariaBarbaraPaglinaw

Endpoint Backup: 3 Reasons MSPs Ignore ItMSP360

Early Adopter's Guide to AI Moderation (Preview)nick896721

30B Images and Counting: Scaling Canva's Content-Understanding Pipelines by K...ScyllaDB

Q4 2024 Earnings and Investor PresentationDropbox

Understanding Traditional AI with Custom Vision & MuleSoft.pptxshyamraj55

Understanding Traditional AI with Custom Vision & MuleSoft.pptx | ### 狠狠撸 Deck Description: This presentation features Atul, a Senior Solution Architect at NTT DATA, sharing his journey into traditional AI using Azure's Custom Vision tool. He discusses how AI mimics human thinking and reasoning, differentiates between predictive and generative AI, and demonstrates a real-world use case. The session covers the step-by-step process of creating and training an AI model for image classification and object detection—specifically, an ad display that adapts based on the viewer's gender. Atulavan highlights the ease of implementation without deep software or programming expertise. The presentation concludes with a Q&A session addressing technical and privacy concerns.

UiPath Automation Developer Associate Training Series 2025 - Session 1DianaGray10

Welcome to UiPath Automation Developer Associate Training Series 2025 - Session 1. In this session, we will cover the following topics: Introduction to RPA & UiPath Studio Overview of RPA and its applications Introduction to UiPath Studio Variables & Data Types Control Flows You are requested to finish the following self-paced training for this session: Variables, Constants and Arguments in Studio 2 modules - 1h 30m - https://academy.uipath.com/courses/variables-constants-and-arguments-in-studio Control Flow in Studio 2 modules - 2h 15m - https:/academy.uipath.com/courses/control-flow-in-studio ?? For any questions you may have, please use the dedicated Forum thread. You can tag the hosts and mentors directly and they will reply as soon as possible.

AIXMOOC 2.3 - Modelli di reti neurali con esperimenti di addestramentoAlessandro Bogliolo

Fl studio crack version 12.9 Free Downloadkherorpacca127

https://ncracked.com/7961-2/ Note: >>?? Please copy the link and paste it into Google New Tab now Download link The ultimate guide to FL Studio 12.9 Crack, the revolutionary digital audio workstation that empowers musicians and producers of all levels. This software has become a cornerstone in the music industry, offering unparalleled creative capabilities, cutting-edge features, and an intuitive workflow. With FL Studio 12.9 Crack, you gain access to a vast arsenal of instruments, effects, and plugins, seamlessly integrated into a user-friendly interface. Its signature Piano Roll Editor provides an exceptional level of musical expression, while the advanced automation features empower you to create complex and dynamic compositions.

Inside Freshworks' Migration from Cassandra to ScyllaDB by Premkumar PatturajScyllaDB

How Discord Indexes Trillions of Messages: Scaling Search Infrastructure by V...ScyllaDB

World Information Architecture Day 2025 - UX at a CrossroadsJoshua Randall

Gojek Clone Multi-Service Super App.pptxV3cube

Computational Photography: How Technology is Changing Way We Capture the WorldHusseinMalikMammadli

What Makes "Deep Research"? A Dive into AI AgentsZilliz

DAO UTokyo 2025 DLT mass adoption case studies IBM Tsuyoshi Hirayama (平山毅)Tsuyoshi Hirayama

Build with AI on Google Cloud Session #4Margaret Maynard-Reid

FinTech - US Annual Funding Report - 2024.pptxTracxn

L01 Introduction to Nanoindentation - What is hardnessRostislavDaniel

Future-Proof Your Career with AI OptionsDianaGray10

Q4_TLE-7-Lesson-6-Week-6.pptx 4th quarterMariaBarbaraPaglinaw

Endpoint Backup: 3 Reasons MSPs Ignore ItMSP360

Early Adopter's Guide to AI Moderation (Preview)nick896721

30B Images and Counting: Scaling Canva's Content-Understanding Pipelines by K...ScyllaDB

Q4 2024 Earnings and Investor PresentationDropbox

Understanding Traditional AI with Custom Vision & MuleSoft.pptxshyamraj55

UiPath Automation Developer Associate Training Series 2025 - Session 1DianaGray10

AIXMOOC 2.3 - Modelli di reti neurali con esperimenti di addestramentoAlessandro Bogliolo

Fl studio crack version 12.9 Free Downloadkherorpacca127

Inside Freshworks' Migration from Cassandra to ScyllaDB by Premkumar PatturajScyllaDB

How Discord Indexes Trillions of Messages: Scaling Search Infrastructure by V...ScyllaDB

iOS Development - Tips & Tricks

1. iOS Development - Tips & Tricks iOS Development - Tips & Tricks Software Development Lead - iOS Galin Kardzhilov Software Development Manager - iOS Stefan Tsvyatkov

2. iOS Development - Tips & Tricks Agenda Why iOS Some challenges iOS Security

3. iOS Development - Tips & Tricks About Me Started with

4. iOS Development - Tips & Tricks About Me

5. iOS Development - Tips & Tricks Why iOS? -(NSString *)generateReasonsWhyiOS { NSMutableString *reasons = [[NSMutableString alloc] init]; [reasons appendString:@"It's new"]; [reasons appendString:@"It's challenging"]; [reasons appendString:@"It compiles to native"]; [reasons appendString:@"You have to deal with hardware limitations"]; [reasons appendString:@"You have to provide responsiveness"]; [reasons appendString:@"You have to provide usability"]; [reasons appendString:@"You have to provide security"]; [reasons appendString:@"0ften craftsmanship is required"]; [reasons appendString:@"Your code runs into people's pockets"]; return reasons; }

6. iOS Development - Tips & Tricks Table view Background image Custom drawn cells … flipped

7. iOS Development - Tips & Tricks

8. iOS Development - Tips & Tricks Scroll View Custom View

9. iOS Development - Tips & Tricks

10. iOS Development - Tips & Tricks Security in iOS Local Storage Communication with the server Binary analysis and manipulation

11. iOS Development - Tips & Tricks Local Storage Security NSUserDefaults Convenient Not encrypted by default Keeps the data in a plist file CoreData Not encrypted by default Keeps the data in sqlite db

12. iOS Development - Tips & Tricks Local Storage Security Keychain Access Encrypted by default A bit more complex for use Insecure on jailbroken devices Data encryption Crypto API Obfuscate the encryption key Use unique device information String constant [[UIDevice currentDevice] identifierForVendor] Custom algorithm Secure encryption key

13. iOS Development - Tips & Tricks Server Communication Security Use SSL Don’t accept self-signed certificates Client and server side data validation

14. iOS Development - Tips & Tricks Runtime Manipulation #import "AppDelegate.h" #import "ptrace.h" int main(int argc, char * argv[]) { #ifndef DEBUG ptrace(PT_DENY_ATTACH, 0, 0, 0); #endif @autoreleasepool { return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); } } ptrace Deny a debugger to attach Can be patched from binary Put it in multiple places

15. iOS Development - Tips & Tricks SEC_IS_BEING_DEBUGGED_RETURN_NIL () Check if a debugger is attached Hard to be patched from binary Make the check regularly and in critical parts Doesn’t work against Cycript Runtime Manipulation #ifndef DEBUG SEC_IS_BEING_DEBUGGED_RETURN_NIL(); #endif

16. iOS Development - Tips & Tricks Conclusion Keychain Access for storing SSL for transporting Check for debuggers 100% security does not exist

17. iOS Development - Tips & Tricks Thank you! Galin Kardzhilov @gravera Stefan Tsvyatkov @stsvyatkov

Editor's Notes

#11: Здравейте. Аз съм Стефан Цвятков - iOS Development Manager в МенторМейт. Ще продължа темата с няколко съвета как да подобрим сигурността в iOS приложенията. Тъй като това е твърде обширна тема дори и за часове, а ние имаме минути, днес ще засегна само основите. Най-уязвимите места в едно приложение са мястото, където съхраняваме данните, комуникацията със сървъра и самото байнъри. Това и са нещата, чиято защита ще разгледаме.
#12: Започваме със съхранението на данни в мобилното устройство. Често ни се налага да записваме потребителски имена, сешън токъни и дори пароли локално в приложението. Например когато имплементираме офлайн логин за различни потребили в едно устройство. Най-удобният начин за записване на информация е NSUserDefaults. Използва се лесно - съхраняваме и четем данни с един ред код. Нека видим обаче колко сигурен е този подход. NSUserDefaults съхранява данните в plist файл, който съдържа плйейн текст списък от кий-велю записи. В интернет има голям избор от приложения, които инсталирани на компютър със свързано мобилно устройство, показват данните от всяко инсталирано приложение. Аз например използвам DiskAid. Тук съм отворил съдържанието на едно от приложенията, които разработваме и както виждате имам списък с файловете в него. Дори съм отворил плист файла, който съхранява данните на NSUserDefaults. Понеже приложението е написано качествено, тук не виждаме данни, които изглеждат важни. Нека разглеждаме друго популярно място за съхранение на данни - CoreData. Обикновено тук се съхраняват данни, които имат по-сложна структура и по-голям обем. Използването е малко по-трудоемко понеже трябва да си създадем дейта модел и да си имплементираме основните методи, нужни за CoreData имплементацията. Но нас пак ни интересува по-скоро колко сигурен е този метод. CoreData, подобно на NSUserDefaults, съхранява инфорамацията във файл в бъндъла на приложението. Това файл преставлява sqllite database. За да видя данните, аз просто трябва да намеря програма, която отваря sqlite файлове - такива колкото искаш в интернет. Дори файърфокс може да го направи. До какъв извод стигаме - най-популярните места за съхранение на данни са с много ниска степен на сигурност.
#13: И сега правилния начин за съхранение -

狠狠撸

iOS Development - Tips & Tricks

Recommended

More Related Content

Viewers also liked (18)

Similar to iOS Development - Tips & Tricks (20)

Recently uploaded (20)

iOS Development - Tips & Tricks

Editor's Notes