Building a secure Cocoa application
Graham Lee (@iamleeg)
MOAB - Jan 2007
[Pie chart: MOAB bugs by category (OS, Apple apps, Other apps); slices of 27%, 47% and 27%]

Source - http://projects.info-pull.com/moab/
Principles

[Diagram: right-angled triangle with sides labelled a², b², c² (Pythagoras)]
What is a threat?
Who is the misuser?

What’s my motivation?
How risk-averse am I?
What skills and resources can I use?
Assets

credit: freefoto.com
Confidentiality
Integrity
Availability
I’m sorry, Dave…

• We remember -rwxrwxrwx
• What about “group:everyone deny delete”?
Keychain

• Secure storage…
• …with access control!
• Really simple API (simpler on iPhone :P)
• SecKeychainFindInternetPassword()
• Even protects against “cold boot”*
• …if used carefully

* http://citp.princeton.edu/memory/
my secret password
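The “if used carefully” caveat in practice, as an added example (not code from the deck): the Keychain protects its own store, but the plaintext that SecKeychainFindInternetPassword() hands back is an ordinary heap buffer in your process, which is exactly what a cold-boot memory image captures. The helper below keeps that copy alive only for the duration of a callback, then scrubs and frees it; the server and account names are constructed sample values.

```objective-c
#define __STDC_WANT_LIB_EXT1__ 1   /* memset_s() on macOS */
#include <string.h>
#include <stdio.h>
#include <Security/Security.h>

/* The callback sees the plaintext for the shortest possible time.  Do not
 * copy the bytes into an NSString or any other object you cannot wipe. */
typedef void (*password_consumer)(const void *bytes, UInt32 length, void *ctx);

/* Look up an Internet password in the default keychain search list, hand it
 * to `consumer`, then scrub and free our copy before returning.  Returns the
 * OSStatus of the lookup (errSecItemNotFound when nothing matches). */
OSStatus with_internet_password(const char *server, const char *account,
                                password_consumer consumer, void *ctx)
{
    void *password = NULL;
    UInt32 passwordLength = 0;
    SecKeychainItemRef item = NULL;

    OSStatus status = SecKeychainFindInternetPassword(
        NULL,                              /* default keychain search list */
        (UInt32)strlen(server), server,
        0, NULL,                           /* no security domain */
        (UInt32)strlen(account), account,
        0, NULL,                           /* any path */
        0,                                 /* any port */
        kSecProtocolTypeHTTPS,
        kSecAuthenticationTypeDefault,
        &passwordLength, &password,        /* plaintext copy, allocated by Security.framework */
        &item);

    if (status == errSecSuccess) {
        consumer(password, passwordLength, ctx);
        /* This buffer is ours, not the Keychain's: left alone it would sit in
         * RAM (and swap, and a cold-boot image) until the allocator reuses it. */
        memset_s(password, passwordLength, 0, passwordLength);
        SecKeychainItemFreeContent(NULL, password);
    }
    if (item != NULL) {
        CFRelease(item);
    }
    return status;
}

/* Sample consumer: records only the length, never retains the bytes. */
static void note_length(const void *bytes, UInt32 length, void *ctx)
{
    (void)bytes;
    *(UInt32 *)ctx = length;
}

int main(void)
{
    UInt32 len = 0;
    /* Constructed sample names; on a machine without such an item the lookup
     * fails with errSecItemNotFound, which is the expected path here. */
    OSStatus st = with_internet_password("example.com", "alice", note_length, &len);
    if (st == errSecSuccess) {
        printf("got a %u-byte password, already scrubbed\n", (unsigned)len);
    } else {
        printf("lookup failed: %d\n", (int)st);
    }
    return 0;
}
```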
Confidentiality
Integrity
Availability
How to sign code

Erm, that’s it.
Confidentiality
Integrity
Availability
launchd

• pretty sweet (on 10.5)
• somewhat sweet on 10.4
• 10.3 still exists?!?
• check out <key>KeepAlive</key> for watchdog-related goodness, in launchd.plist(5)
Exercise 1 :-)
STRIDE

Spoofing
Tampering
Repudiation
Information leak
Denial of Service
Elevation of Privilege
Authorisation Services

SFAuthorizationView

AuthorizationRights entry:

    <key>system.preferences.accounts</key>
    <dict>
        <key>allow-root</key>
        <true/>
        <key>class</key>
        <string>user</string>
        <key>comment</key>
        <string><!-- … --></string>
        <key>group</key>
        <string>admin</string>
        <key>shared</key>
        <false/>
    </dict>
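How the rights entry above is consumed from code, as an added example (not code from the deck): SFAuthorizationView drives the dialog for you in the UI, but underneath it is the Authorization Services C API, and the privileged side must re-check the right itself rather than trust the caller (the STRIDE Elevation-of-Privilege case). The function names are mine; the right name is the one on the slide.

```objective-c
#include <stdio.h>
#include <stdbool.h>
#include <Security/Security.h>

/* The right whose rights-database entry the slide shows. */
static const char *kAccountsRight = "system.preferences.accounts";

/* UI side (what SFAuthorizationView does for you): obtain the right, allowing
 * the dialog.  With the slide's entry (class "user", group "admin") the dialog
 * accepts an admin user's credentials; allow-root lets a root process pass
 * without one; shared=false keeps the credential from satisfying other rights.
 * On success *outAuth holds the credential and the caller must
 * AuthorizationFree() it. */
bool acquire_right(const char *rightName, AuthorizationRef *outAuth)
{
    AuthorizationItem item = { rightName, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    AuthorizationFlags flags = kAuthorizationFlagDefaults
                             | kAuthorizationFlagInteractionAllowed
                             | kAuthorizationFlagExtendRights;
    AuthorizationRef auth = NULL;

    if (AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                            kAuthorizationFlagDefaults, &auth) != errAuthorizationSuccess) {
        return false;
    }
    OSStatus status = AuthorizationCopyRights(auth, &rights,
                                              kAuthorizationEmptyEnvironment,
                                              flags, NULL);
    if (status != errAuthorizationSuccess) {
        /* errAuthorizationCanceled: user dismissed the dialog;
         * errAuthorizationDenied: credentials did not satisfy the rule. */
        AuthorizationFree(auth, kAuthorizationFlagDestroyRights);
        return false;
    }
    *outAuth = auth;
    return true;
}

/* Privileged side (e.g. a helper tool): never trust the caller's claim that it
 * was authorized.  Re-check the right from the external form it sent, with
 * interaction disallowed, so a missing credential fails instead of prompting. */
bool verify_right_from_external(const AuthorizationExternalForm *extForm,
                                const char *rightName)
{
    AuthorizationRef auth = NULL;
    if (AuthorizationCreateFromExternalForm(extForm, &auth) != errAuthorizationSuccess) {
        return false;
    }
    AuthorizationItem item = { rightName, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    OSStatus status = AuthorizationCopyRights(auth, &rights,
                                              kAuthorizationEmptyEnvironment,
                                              kAuthorizationFlagDefaults, NULL);
    AuthorizationFree(auth, kAuthorizationFlagDefaults);
    return status == errAuthorizationSuccess;
}

int main(void)
{
    AuthorizationRef auth = NULL;
    if (!acquire_right(kAccountsRight, &auth)) {
        printf("right not granted\n");
        return 1;
    }
    /* Hand the credential to the privileged side as an opaque blob; here both
     * sides run in one process for illustration. */
    AuthorizationExternalForm extForm;
    if (AuthorizationMakeExternalForm(auth, &extForm) == errAuthorizationSuccess) {
        printf("helper check: %s\n",
               verify_right_from_external(&extForm, kAccountsRight) ? "ok" : "refused");
    }
    AuthorizationFree(auth, kAuthorizationFlagDestroyRights);
    return 0;
}
```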
Demo

[Diagram: triangle with sides labelled a, c and ?]

Designing a Secure Cocoa App

Editor's notes

  1. The goal of this presentation is to give you an idea of how security experts think about designing security into applications. A few examples of Mac OS X technologies will be used to indicate how these principles can be applied in real applications. Finally, we’ll look at an example of a vulnerability in an app, so that we can apply the ideas we’ve learned.
  2. Why should I want to talk about security, and why should you want to listen? The press and security researchers like talking about insecure Macs. They don’t care whether the holes are in our apps or in Apple’s; come to that, neither do our customers. If my app is less secure than the competitor’s then that’s a reason to choose the competition; just like UI fit and finish, usability or performance.
  3. First, remember that security is not a one-size-fits-all operation. Something which works in one context may not be appropriate elsewhere. Questions to ask are of risk: what could go wrong, how likely is it and what would the impact be? Can I live with that? How much am I (or my customers) willing to pay to reduce that risk? My “Pythagoras theorem”, i.e. my fundamental rule of software security is to think of it like real-world security. Securing an office building by locking _everyone_ out would stop burglars getting in, but it would stop the workers getting in too. Ultimately the user has to be confident that they can get their work done without untoward problems, just as good real-world security provides assurance that law-abiders can go about their business.
  4. So if we want to identify and mitigate threats which pose a risk to our app, we need to know what a threat is. We want to know _who_ is doing something which compromises our app, _what_ they get by doing it (or, conversely, what we lose), and _how_ they get in and acquire that asset.
  9. Could be a malicious person, could be someone accidentally exploiting a problem, such as misconfiguring their own application. That’s why I used the term “misuser” instead of “abuser”. They could be known to the customer/user or you or not. Each attacker will have different characteristics. Example: CanSecWest held the pwn2own competition, where competitors were encouraged to compromise various computers in order to win that computer as a prize. In that arena, the attacker is motivated by personal gain, there is little to no chance of recrimination so they’re likely to take huge risks and it’s also probable that they’d be security experts. That’s quite an edge case though.
15. The assets in an application can be tangible data held by the app, such as a password, a user's identity or some information of financial value. Alternatively they can be intangible: there's no file on the Sophos web server which actually contains the company's reputation, but the reputation could still be damaged by a successful attack on the web server's content. The asset at risk could also be something which the app has access to but doesn't actually "own", such as the network connectivity or CPU time which are often the targets of botnets (zombie networks).
21. So we can classify the importance of assets - and thus the value in protecting them - along at least three axes:
* Confidentiality: how much damage would be done (put another way: how much would it cost) if this asset were read by someone who shouldn't be able to?
* Integrity: how much damage would be done if the asset were modified in an unexpected fashion?
* Availability: how much damage would be done if the asset disappeared, or could not be used for its legitimate use cases?
25. Filesystem permissions can protect the confidentiality and integrity of persistent assets - up to a point. The super-user gets to trump the permissions model. Of course, it's easy to change the permissions or ACLs on a file, but that alone doesn't protect it against misuse - think carefully about what classes of user will be interacting with your app, and what they should be able to change or read.
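An added example for the permissions point above (not code from the talk): the permissions on a file the app creates are decided at open(2) time rather than fixed up with chmod afterwards, so there is never a window in which the file is world-readable, and a pre-existing file or symlink at the path is refused instead of written through. The path and the "secret" are constructed sample values.

```objective-c
#import <Foundation/Foundation.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>

// Create a data file readable and writable only by the owning user (-rw-------).
// O_CREAT|O_EXCL fails if anything already exists at the path, and O_NOFOLLOW
// refuses to open through a symlink, so nobody can plant a file there first.
// Returns YES on success; NO (with *error set) otherwise.
BOOL writePrivateFile(NSString *path, NSData *contents, NSError **error)
{
    // S_IRUSR|S_IWUSR == 0600. The umask can only remove bits, never add them.
    int fd = open([path fileSystemRepresentation],
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, S_IRUSR | S_IWUSR);
    if (fd < 0) {
        if (error) *error = [NSError errorWithDomain:NSPOSIXErrorDomain code:errno userInfo:nil];
        return NO;
    }

    // Belt and braces: confirm what we opened is a regular file we own before writing.
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        if (error) *error = [NSError errorWithDomain:NSPOSIXErrorDomain code:EPERM userInfo:nil];
        return NO;
    }

    NSFileHandle *fh = [[NSFileHandle alloc] initWithFileDescriptor:fd closeOnDealloc:YES];
    [fh writeData:contents];   // raises NSFileHandleOperationException on I/O failure
    [fh release];              // closes fd (manual retain/release, as on Leopard)
    return YES;
}

int main(int argc, const char *argv[])
{
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    // Constructed sample: something the app wants to persist for its own use only.
    NSData *secret = [@"session-token-0123456789" dataUsingEncoding:NSUTF8StringEncoding];
    NSString *path = [NSTemporaryDirectory() stringByAppendingPathComponent:@"example-private.dat"];
    NSError *err = nil;
    if (!writePrivateFile(path, secret, &err)) {
        NSLog(@"could not create %@: %@", path, err);
    } else {
        NSDictionary *attrs = [[NSFileManager defaultManager] attributesOfItemAtPath:path error:NULL];
        NSLog(@"created %@ with mode %lo", path,
              [[attrs objectForKey:NSFilePosixPermissions] unsignedLongValue]);
    }
    [pool drain];
    return 0;
}
```

Build with `cc -framework Foundation example.m`. The ACL on the slide ("group:everyone deny delete") is the kind of thing POSIX bits can't express; on 10.4 and later it is set from the shell with `chmod +a "group:everyone deny delete" file`, and the same thought applies: decide which class of user gets which operation before you reach for the tool.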
27. Of course the filesystem permissions can be trumped by the super-user, but it's not always the case that their superior status should mean they can read a regular user's data. That's where encryption comes in. Keychain is actually very easy to use for the usual case of keeping one password for an app to access a single service such as a web application or e-mail account.
34. The longer a secret is kept in memory, the easier it is for a debugging tool such as gdb or F-Script Anywhere to retrieve it. Keychain allows us to pass around references to the encrypted secret (a SecKeychainItemRef), only retrieving the plain text at the point where it's really needed.
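An added example covering both the "one password for one service" case (note 27) and the "pass a reference, decrypt only at the point of use" discipline (note 34). It is not code from the talk; the server name, account and password are constructed sample values, and it targets the Leopard-era C Keychain API that the slides name.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#include <string.h>

// Store the password once, e.g. when the user first types it into the app.
// Keychain encrypts it and attaches an ACL naming this app as a trusted reader.
OSStatus storePassword(NSString *server, NSString *account, NSString *password)
{
    const char *srv = [server UTF8String], *acc = [account UTF8String], *pw = [password UTF8String];
    return SecKeychainAddInternetPassword(
        NULL,                                   // default keychain
        (UInt32)strlen(srv), srv,
        0, NULL,                                // no security domain
        (UInt32)strlen(acc), acc,
        0, NULL,                                // no path
        443, kSecProtocolTypeHTTPS, kSecAuthenticationTypeDefault,
        (UInt32)strlen(pw), pw,
        NULL);
}

// Look the item up WITHOUT pulling the password out: passing NULL for the password
// buffers returns only the item reference, so no plaintext enters our process yet.
// This is the thing you keep in an ivar and pass around. Returns NULL if absent.
SecKeychainItemRef copyPasswordItem(NSString *server, NSString *account)
{
    const char *srv = [server UTF8String], *acc = [account UTF8String];
    SecKeychainItemRef item = NULL;
    OSStatus status = SecKeychainFindInternetPassword(
        NULL,                                   // default keychain search list
        (UInt32)strlen(srv), srv,
        0, NULL,
        (UInt32)strlen(acc), acc,
        0, NULL,
        443, kSecProtocolTypeHTTPS, kSecAuthenticationTypeDefault,
        NULL, NULL,                             // do not retrieve the secret here
        &item);
    if (status != noErr) {
        if (status != errSecItemNotFound) NSLog(@"keychain lookup failed: %d", (int)status);
        return NULL;
    }
    return item;                                // caller owns it: CFRelease when done
}

// At the point of use only: decrypt, hand the bytes to the callback, scrub, free.
// The plaintext lives for the duration of `use` and no longer, which is what the
// "cold boot ... if used carefully" footnote on the slide depends on.
typedef void (*PasswordUseFunc)(const void *bytes, UInt32 length, void *context);

OSStatus withPlaintextPassword(SecKeychainItemRef item, PasswordUseFunc use, void *context)
{
    UInt32 length = 0;
    void *data = NULL;
    OSStatus status = SecKeychainItemCopyContent(item, NULL, NULL, &length, &data);
    if (status != noErr) return status;         // may be errSecAuthFailed if the user denies access
    use(data, length, context);
    memset(data, 0, length);                    // scrub before handing the buffer back
    SecKeychainItemFreeContent(NULL, data);
    return noErr;
}

// Example consumer: builds the auth header and never logs the secret itself.
static void buildAuthHeader(const void *bytes, UInt32 length, void *context)
{
    NSMutableString *header = (NSMutableString *)context;
    NSData *pw = [NSData dataWithBytes:bytes length:length];
    [header appendFormat:@"Basic <%lu bytes of credential>", (unsigned long)[pw length]];
}

int main(int argc, const char *argv[])
{
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    NSString *server = @"webapp.example.com", *account = @"graham";   // constructed sample values
    SecKeychainItemRef item = copyPasswordItem(server, account);
    if (item == NULL) {
        OSStatus st = storePassword(server, account, @"correct horse battery staple");
        if (st != noErr && st != errSecDuplicateItem) NSLog(@"store failed: %d", (int)st);
        item = copyPasswordItem(server, account);
    }
    if (item != NULL) {
        NSMutableString *header = [NSMutableString string];
        if (withPlaintextPassword(item, buildAuthHeader, header) == noErr)
            NSLog(@"%@", header);               // the secret itself is already scrubbed
        CFRelease(item);
    }
    [pool drain];
    return 0;
}
```

Build with `cc -framework Foundation -framework Security example.m`. On a real machine the first `SecKeychainItemCopyContent` from an app not yet on the item's ACL triggers the standard "allow access?" dialog; that dialog is the access control the slide is referring to, and it is bypassed if you cache the decrypted bytes rather than the item reference.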
  37. So that was how we can protect the confidentiality and integrity (and to some extent, the availability) of filesystem assets. But what about the integrity of our app itself?
38. So it's incredibly easy to sign apps with Xcode, but for some reason few apps actually ship signed. Why is that? I think it's because there's very minimal UI related to the feature in Leopard, so it's hard to see that there's any benefit for the Mac user on the Clapham omnibus. However, look at the iPhone, where the code signature is used everywhere, and at the administration features on OS X (and OS X Server) which rely on code signatures, such as the application controls and the application firewall.
  41. So, presumably, I&amp;#x2019;m going to address availability next.
42. launchd offers some very cool and flexible configuration as a service watchdog, so if there's some service used by your app for which availability is important this should be your first port of call. Note that there were a few bugs on 10.4 and the whole thing was less flexible. 10.3 and before never existed - we have always been at war with Eurasia.
  46. Look at this screenshot of iTunes, and rather than complaining about my taste in music try and think of what the various assets are. Which of the CIA attributes are important in each case? Who might have a stake in protecting them? Who might compromise them?
47. So once we've identified a threat (I didn't explicitly discuss entry points and routes around the app - those are highly app-specific), we can see what type of damage is done should the threat succeed.
54. Does Authorization Services protect us against elevation of privilege attacks? Not directly - note that the rights obtained are passed back to the calling application, which is running as the user who made the request. If the user can make the request they can do whatever was "behind" the right without bothering your app to acquire the right. This is why we must consider "factored" apps, where the auth right is used to invoke a privileged helper, which then retrieves the right from the calling app and verifies it before performing the privileged task. In this way, the user cannot circumvent the requirement to obtain the right in order to perform the gated task.
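An added example of the factored design described above, not code from the talk: the app acquires the right and ships it to the helper as an external form; the helper, running as root, rebuilds the AuthorizationRef and re-checks the right itself before doing anything. The right name `com.example.myapp.installHelper` is hypothetical and would need an entry in the policy database; how the helper is launched (setuid, or a launchd job) is outside the example.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#include <stdio.h>
#include <unistd.h>

// Hypothetical right name. It must also be defined in the policy database
// (/etc/authorization on Leopard) or created with AuthorizationRightSet().
static const char *kTaskRight = "com.example.myapp.installHelper";

/* ---- application side (runs as the logged-in user) ---- */

// Pre-authorise the right (prompting the user if needed) and serialise the
// AuthorizationRef so the helper can verify it. The caller keeps *outAuth alive
// until the helper has finished, then frees it with kAuthorizationFlagDestroyRights.
OSStatus appAcquireRight(AuthorizationRef *outAuth, AuthorizationExternalForm *extForm)
{
    AuthorizationItem item = { kTaskRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    AuthorizationFlags flags = kAuthorizationFlagDefaults
                             | kAuthorizationFlagInteractionAllowed
                             | kAuthorizationFlagPreAuthorize
                             | kAuthorizationFlagExtendRights;

    OSStatus status = AuthorizationCreate(&rights, kAuthorizationEmptyEnvironment, flags, outAuth);
    if (status != errAuthorizationSuccess) return status;   // errAuthorizationCanceled, errAuthorizationDenied, ...

    // 32 opaque bytes that refer to the same authorisation session in securityd.
    return AuthorizationMakeExternalForm(*outAuth, extForm);
}

// The app then launches the helper and writes the form down its stdin, e.g.
//   write(helperStdinFd, &extForm, sizeof extForm);
// Nothing the app did so far proves anything to the helper; that is the next step.

/* ---- privileged helper side (runs as root) ---- */

// Rebuild the AuthorizationRef from the bytes the app sent and check the right
// here. This check runs as root, so the user cannot skip it; a check done only in
// the app runs as the user and is exactly the thing an attacker would bypass.
OSStatus helperVerifyRight(const AuthorizationExternalForm *extForm)
{
    AuthorizationRef auth = NULL;
    OSStatus status = AuthorizationCreateFromExternalForm(extForm, &auth);
    if (status != errAuthorizationSuccess) return status;

    AuthorizationItem item = { kTaskRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    // No InteractionAllowed: a root daemon has no UI, so the right must already be held.
    status = AuthorizationCopyRights(auth, &rights, kAuthorizationEmptyEnvironment,
                                     kAuthorizationFlagExtendRights, NULL);
    AuthorizationFree(auth, kAuthorizationFlagDefaults);
    return status;
}

// Helper entry point: read the form from stdin, verify, then do the gated task.
int helperMain(void)
{
    AuthorizationExternalForm extForm;
    if (read(STDIN_FILENO, &extForm, sizeof extForm) != (ssize_t)sizeof extForm) return 1;
    if (helperVerifyRight(&extForm) != errAuthorizationSuccess) {
        fprintf(stderr, "helper: caller does not hold %s\n", kTaskRight);
        return 2;
    }
    // ... perform the privileged task here, and nothing else ...
    return 0;
}

int main(int argc, const char *argv[])
{
    // Built as the helper when invoked with --helper; otherwise demonstrate the app side.
    if (argc > 1 && strcmp(argv[1], "--helper") == 0) return helperMain();

    AuthorizationRef auth = NULL;
    AuthorizationExternalForm extForm;
    OSStatus status = appAcquireRight(&auth, &extForm);
    if (status != errAuthorizationSuccess) {
        fprintf(stderr, "app: could not acquire %s (%d)\n", kTaskRight, (int)status);
        return 1;
    }
    // ... launch helper, write(helperStdinFd, &extForm, sizeof extForm), wait for it ...
    AuthorizationFree(auth, kAuthorizationFlagDestroyRights);
    return 0;
}
```

Build with `cc -framework Foundation -framework Security example.m`. The helper should do the one gated task and nothing more: the user already holds the right it checks, so anything else the helper is willing to do on their behalf is a privilege escalation waiting to be found.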