11. OWASP Mobile Top 10 Risk (2013-M1)
M1. Insecure Data Storage
M2. Weak Server Side Controls
M3. Insufficient Transport Layer Protection
M4. Client Side Injection
M5. Poor Authorization and Authentication
M6. Improper Session Handling
M7. Security Decisions Via Untrusted Inputs
M8. Side Channel Data Leakage
M9. Broken Cryptography
M10. Sensitive Information Disclosure
12.
13. app itself
app/user data: automatically backed up by iCloud
temporary files, cleaned when the app restarts (NSTemporaryDirectory)
Library
Application Support: good place for configuration/template
Cache: data that can be downloaded again or regenerated
Cookie: stores cookies for the sandboxed webView
Preferences: NSUserDefaults
Ref: File System Programming Guide
44. King of Design Patterns: MVC
[Diagram labels: Model, memory, View; API, plist, db; NSString, NSNumber, UILabel; encrypt(); 08f90c1a417155361a5c4b8d297e0d78; Money: 2000]
45. King of Design Patterns: MVC
[Diagram labels: Model, memory, View; API, plist, db; NSString, NSNumber, UILabel; encrypt(); 2000; 08f90c1a417155361a5c4b8d297e0d78; "need protection!!"; Money: 2000]