ios - 如何在未越狱的 iphone 5 上对 iOS 应用程序执行 sql 注入(inject)测试?
<p><p>我最近参与了 iOS 应用的安全测试。该应用在 iphone 5 上的 iOS 上运行。此应用类似于 <strong>"bookmyshow"</strong> 应用,用户可以在其中预订在城市各个地方发生的事件。</p>
<p>我需要执行 sql 注入(inject)测试并报告安全错误(如果有)。我对这项任务一无所知。任何帮助将不胜感激。 </p>
<p><strong>注意:</strong>设备为普通iphone 5,越狱设备不可用。</p>
<p>提前致谢,</p>
<p>新手_学生</p></p>
<br><hr><h1><strong>Best Answer-推荐答案</ strong></h1><br>
<p><p>您可以阅读以下文档:</p>
<ul>
<li> <a href="https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet" rel="noreferrer noopener nofollow">IOS Application Security Testing Cheat Sheet</a> </li>
<li> <a href="http://www.slideshare.net/jasonhaddix/pentesting-ios-applications" rel="noreferrer noopener nofollow">Pentesting iOS Applications</a> </li>
<li> <a href="http://technet.weblineindia.com/mobile/how-to-prevent-sql-injection-in-ios-apps/2/" rel="noreferrer noopener nofollow">How to prevent SQL Injection in iOS apps?</a> </li>
<li> <a href="https://www.mdsec.co.uk/research/iOS_Application_Insecurity_wp_v1.0_final.pdf" rel="noreferrer noopener nofollow">iOS Application (In)Security</a> </li>
<li> <a href="https://reverse.put.as/wp-content/uploads/2011/06/Syscan-2012-iOS-Applications-and-the-Lion-City-Presso.pdf" rel="noreferrer noopener nofollow">iOS Applications Different Developers Same Mistakes </a> </li>
</ul>
<p>你必须知道你需要检查什么。这是有用的图片:</p>
<p> <img src="/image/oauH2.png" alt="enter image description here"/> </p>
<blockquote>
<p>The app is installed on my iOS 5. I am not sure about the database
this app is using or where is this located. I might be sounding quite
novice, but all I have is this iphone 5 with this app installed. Could
you please let me know how to know about database & its location on my
phone?
I need to perform sql injection testing & report security bugs if any.</p>
</blockquote>
<p>我认为您需要检查是否存在 sql 注入(inject)。在图像上它在右侧。</p>
<p>您可以简单地连接到 wi-fi 网络,您的服务器/计算机可以在其中记录来自您的应用的请求。例如,使用一些 HTTP 代理/HTTP 监视器,使您能够查看应用程序和 Internet 之间的所有 HTTP 和 HTTPS 流量。第一个链接有工具。</p></p>
<p style="font-size: 20px;">关于ios - 如何在未越狱的 iphone 5 上对 iOS 应用程序执行 sql 注入(inject)测试?,我们在Stack Overflow上找到一个类似的问题:
<a href="https://stackoverflow.com/questions/28717603/" rel="noreferrer noopener nofollow" style="color: red;">
https://stackoverflow.com/questions/28717603/
</a>
</p>
页:
[1]