
This course will focus on testing iOS applications. We will give students hands-on experience with both static and dynamic analysis of multiple applications.
Course Length: 16 Hours
Includes a Certificate of Completion
Next scheduled date: WWHF Mile High 2026 - Link at bottom.
Description
The mobile device ecosystem presents a unique attack surface that is often overlooked by organizations. With both personal and business usage of smartphones increasing, it is important to ensure the safety of mobile applications. Testing mobile applications is a vital component of protecting both the user and the business—from reviewing the build files that are in the application package to analyzing how the application operates during runtime and ensuring the network calls do not include vulnerabilities. This course will focus on testing iOS applications. We will give students hands-on experience with both static and dynamic analysis of multiple applications. Students will also come away with an understanding of iOS exploits and the threat landscape, as well as the know-how to set up and configure a testing environment for iOS applications.
Student Requirements
- Students will be required to purchase a Corellium trial license. Special instructions on completing this for the course will be provided on the first day. Alternatively, students may bring their own jailbroken device; however, support for these devices cannot be guaranteed.
- Optional: An iDevice to jailbreak. We will use virtualization software for all of the labs, but those who wish to bring their own device to learn how to interface with the hardware may.
Syllabus
1: Mobile Problems and Opportunities
- Challenges and Opportunities for Secure Mobile Phone Deployments
- The iOS Threat Model
- Weaknesses Specific to Mobile Devices
2: The iOS Environment in Relation to Apps
- OS Security Controls
- Application Sandboxing
3: Static Analysis
- Reverse Engineering
- File System Exploration
- Searching for Secrets
- Runtime Analysis
- Hooking the Application Process at Runtime
- Modifying Application Behavior to Bypass Jailbreak Detection
5: Network Analysis
- Analyzing Traffic from an Application
- Discovering and Exploiting API Vulnerabilities
- CTF Challenge
FAQ
• Students will learn the fundamentals of the iOS application ecosystem.
• Students will be able to configure their testing environment.
• Students will be able to perform static analysis of iOS applications.
• Students will be able to intercept and modify traffic from the device.
• Students will gain experience understanding and executing common exploits.
• Professional penetration testers specializing in other areas
• Developers interested in security
• Anyone interested in testing iOS applications
This is an introductory-level course which assumes no experience with mobile penetration testing. The course covers concepts in programming, networking, and GNU/Linux. It is recommended that students have a basic understanding of these fundamentals.
A computer with a bash terminal and capable of running a virtual machine, a natural curiosity, and plenty of patience.
Students will receive course slides and author notes, lab exercises and virtual machines.
None.
About the Instructors
Cameron Cartier
Bio
Cameron Cartier is a security consultant at Black Hills Information Security. She holds a master’s degree in computer science from the University of Utah where she studied Tor and other privacy-enhancing technologies. In her role at BHIS, Cameron specializes in social engineering, physical security testing, and web application exploitation. Outside of work, Cameron is an amateur cage fighter and rock climber.
David Blandford
Bio
David Blandford joined Black Hills Information Security (BHIS) in the spring of 2024 as a Security Analyst. In this role, he evaluates the security of web applications, mobile applications, cloud environments, and networks through the eyes of an attacker, working with companies to ensure their networks are secure. Previously, David has worked in many security roles such as a network engineer, software developer, and penetration tester, and he is currently a member of the Michigan National Guard’s Cyber Protection Team. He chose BHIS for the opportunity to work with “some of the brightest minds in the industry.” He thinks the best part is the people, as well as being able to contribute to the community through classes, webinars, presentations, tooling, etc. Outside of work, David can be found going on adventures with his family, weightlifting, and trying to listen to all of the albums in Rolling Stone’s top 500 albums (Fleetwood Mac’s “Rumours” is his favorite so far!).
This class is being taught at Wild West Hackin’ Fest – Mile High 2026.
For more information about our conferences, visit Wild West Hackin’ Fest!
