From the course: Writing Secure Code in iOS by Infosec
Join today to access over 25,300 courses taught by industry experts.
Input sanitization
From the course: Writing Secure Code in iOS by Infosec
Input sanitization
- A lot of folks talk about how you have to sanitize your input. What does that mean? How do we do it? Well, let's take a look. Input sanitization is the act of, in your code, removing or replacing or neutralizing any incoming characters that are potentially harmful. It's a general defense for stopping any number of attacks. If you do it right, it could stop all kinds of attacks that you might not even foresee. Now, it won't catch everything, obviously, but it will catch a lot. It will restrict attacks, make them more difficult to execute against you. And there's a cute little cartoon here that several people have been banding about. You can see it here in this location. And here's mom on the phone with her son's school. "Hi, it's your son's school, we're having trouble." "Oh, dear. What did he break? Did he break something?" "In a way." "Did you really name your son Robert'; DROP TABLE Students; ~~?" "Oh, yes, Little Bobby Tables, we call him. " And the school, "Well, we've lost the…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
(Locked)
Understanding input risks14m 13s
-
(Locked)
Autocorrect and autofill10m 43s
-
(Locked)
Activity: Disabling autocorrection10m 53s
-
(Locked)
Special characters, part 114m 23s
-
Special characters, part 27m 28s
-
(Locked)
Format string attack, part 17m 58s
-
(Locked)
Format string attack, part 28m 38s
-
(Locked)
Format string attack, part 36m 49s
-
(Locked)
Activity: Playing with format strings9m 53s
-
(Locked)
Input sanitization12m 42s
-
(Locked)
Input sanitization techniques: Regular expressions, part 18m 18s
-
(Locked)
Input sanitization techniques: Regular expressions, part 26m 59s
-
(Locked)
Activity: Regular expressions, part 18m 17s
-
(Locked)
Activity: Regular expressions, part 26m 53s
-
(Locked)
Activity: Regular expressions, part 37m 31s
-
(Locked)
Activity: Sanitizing input, part 110m 44s
-
Activity: Sanitizing input, part 213m 45s
-
(Locked)
Property wrappers9m 27s
-
(Locked)
Activity: Trimming whitespace and newlines with a property wrapper6m 38s
-
(Locked)
Activity: Value clamping with a property wrapper6m 48s
-
(Locked)
Activity: Sanitizing input with a property wrapper7m 18s
-
(Locked)
Null bytes7m 27s
-
(Locked)
Cross-site attacks12m 8s
-
(Locked)
Activity: Exploring XSS attacks10m 10s
-
(Locked)
Code injection14m 51s
-
(Locked)
Activity: Filtering a malicious QR code, part 112m 11s
-
(Locked)
Activity: Filtering a malicious QR code, part 25m 31s
-
(Locked)
SQL injection, part 111m 4s
-
(Locked)
SQL injection, part 24m 13s
-
(Locked)
Object deserialization7m 20s
-
(Locked)
Activity: Installing Alamofire and SwiftyJSON pods3m 36s
-
(Locked)
Activity: Securely working with JSON, part 112m 49s
-
(Locked)
Activity: Securely working with JSON, part 29m 23s
-
WebView protection4m 48s
-
(Locked)
Activity: Protecting users against insecure UIWebView10m 44s
-
(Locked)
-
-
-
-
-
-