You’ve done the AES thing to your data, so now your app is secure, right? No. Many (possibly most) iOS programs that use AES use it incorrectly and insecurely. Some of the most popular examples on the internet are unfortunately wrong. Are you confused about how to handle the IV and salt? Do you just ignore them? You need this session.
Do you think AES alone protects your data from tampering? It doesn’t. Your “$10” field can easily be changed to “$50”, even if the attacker doesn’t know the password. You need an HMAC to protect against that. Never heard of an HMAC? You need this session.
Self-signed certificates are dangerous, right? Wrong. They can be more trustworthy than that commercial certificate you’re paying for, but only if they’re managed correctly. Improve security and save money at the same time. What could be better?
Veteran security risk assessor Rob Napier will show you how to avoid these and other common security mistakes he’s seen in product after product. This session will focus on issues impacting iOS, though most of them apply equally to OS X.