Blackhat Arsenal 2012 Releases: SIRA (Semi-Automated iOS Rapid Assessment) released at Arsenal
Apple’s App Store continues to grow in popularity, and iOS devices continue to have a high perception of security from both users and experts. However, applications on the App Store often have security or privacy flaws that are not apparent, even to sophisticated users. Security experts can find these flaws via manual tests, but the enormity of the App Store ensures that only a small minority of applications could ever be manually tested. This whitepaper explores the issues associated with assessing iOS applications and proposes techniques to inject automation into the assessment methodology.
The SIRA crew (Justin Engler, Josh Dubik and David Vo) during the interview session. By the way, the SIRA software is an awesome piece of code. Those who are interested in iOS assessment and pentesting should really take a look at it.
SiRA is able to automate or semi-automate many of the steps involved in an application assessment. SiRA includes some assistance for all 7 of the major methodology steps outlined above. Not all automatable substeps are currently implemented, but work is ongoing. In addition, SiRA provides a convenient single location for a variety of manual and semi-automated functionalities. Finally, SiRA can automate your automation by providing a step-by-step guided methodology walkthrough with SiRA CruiseControl.
SiRA CruiseControl will automatically perform some steps, and will inform the user when it is time to perform a manual step. When the user indicates the step is complete, SiRA moves on to the next phase of the methodology. All file system changes are catalogued and tricky file formats are automatically decoded for ease of reference. In addition, automatic analysis attempts to find security issues during the assessment.
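To make the "catalogue file system changes, then decode tricky formats" idea concrete, here is an added sketch that is not SiRA's own code: it snapshots an app data directory before and after a manual step, classifies the changes, and decodes any changed binary property list. The function names, the sample paths and the choice of binary plist as the format to decode are assumptions made for this illustration.

```python
import hashlib, os, plistlib, tempfile

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                state[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def catalogue(before, after):
    """Classify what changed between two snapshots."""
    common = before.keys() & after.keys()
    return {"added": sorted(after.keys() - before.keys()),
            "removed": sorted(before.keys() - after.keys()),
            "modified": sorted(p for p in common if before[p] != after[p])}

def decode(path):
    """Return a binary plist as a dict, or None for any other format."""
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(b"bplist00"):  # magic bytes of a binary plist
        return None
    try:
        return plistlib.loads(data)
    except plistlib.InvalidFileException:
        return None  # truncated or corrupt plist

def demo():
    """Constructed sample data: a fake app sandbox changed by a 'manual step'."""
    with tempfile.TemporaryDirectory() as root:
        prefs = os.path.join(root, "Library", "Preferences")
        os.makedirs(prefs)
        with open(os.path.join(root, "cache.db"), "wb") as fh:
            fh.write(b"v1")
        before = snapshot(root)
        # The tester exercises the app: one file changes, one plist appears.
        with open(os.path.join(root, "cache.db"), "wb") as fh:
            fh.write(b"v2")
        with open(os.path.join(prefs, "com.example.app.plist"), "wb") as fh:
            plistlib.dump({"username": "alice", "remember": True}, fh,
                          fmt=plistlib.FMT_BINARY)
        changes = catalogue(before, snapshot(root))
        touched = changes["added"] + changes["modified"]
        return changes, {p: decode(os.path.join(root, p)) for p in touched}

if __name__ == "__main__":
    print(demo())
```

Reviewing the decoded output after each step is where data such as a stored username becomes visible without opening the file by hand.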
Download the tool, and do not forget the whitepaper and keynote.
Next: ToolsTube with the SIRA folks.