From the course: Writing Secure Code in iOS by Infosec
Join today to access over 24,900 courses taught by industry experts.
Special characters, part 1
From the course: Writing Secure Code in iOS by Infosec
Special characters, part 1
- Let's go take a look at special characters. Now, there are a number of different kinds of special characters, but specifically, let's look at the string literals in Swift. What's the risk? Well, special characters can sometimes be misinterpreted as commands. And common examples would be single quote, double quote, dot, forward and backslash. You'd want to probably search for and exclude characters that you know could be harmful in your string. For example, if I saw ../ that could be used in a directory traversal attack in a website. Special characters, the only thing is that they are language-specific. They're context-specific. There's no one-size-fits-all for unsafe characters 'cause what works for this won't work for that, works for the other. It depends on the language and the platform of the target. In Swift, we escape special characters. We make them literal with a backslash. Here are Swift's string literal special characters. Now, Swift has string in character types. They are…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
(Locked)
Understanding input risks14m 13s
-
(Locked)
Autocorrect and autofill10m 43s
-
(Locked)
Activity: Disabling autocorrection10m 53s
-
(Locked)
Special characters, part 114m 23s
-
Special characters, part 27m 28s
-
(Locked)
Format string attack, part 17m 58s
-
(Locked)
Format string attack, part 28m 38s
-
(Locked)
Format string attack, part 36m 49s
-
(Locked)
Activity: Playing with format strings9m 53s
-
(Locked)
Input sanitization12m 42s
-
(Locked)
Input sanitization techniques: Regular expressions, part 18m 18s
-
(Locked)
Input sanitization techniques: Regular expressions, part 26m 59s
-
(Locked)
Activity: Regular expressions, part 18m 17s
-
(Locked)
Activity: Regular expressions, part 26m 53s
-
(Locked)
Activity: Regular expressions, part 37m 31s
-
(Locked)
Activity: Sanitizing input, part 110m 44s
-
Activity: Sanitizing input, part 213m 45s
-
(Locked)
Property wrappers9m 27s
-
(Locked)
Activity: Trimming whitespace and newlines with a property wrapper6m 38s
-
(Locked)
Activity: Value clamping with a property wrapper6m 48s
-
(Locked)
Activity: Sanitizing input with a property wrapper7m 18s
-
(Locked)
Null bytes7m 27s
-
(Locked)
Cross-site attacks12m 8s
-
(Locked)
Activity: Exploring XSS attacks10m 10s
-
(Locked)
Code injection14m 51s
-
(Locked)
Activity: Filtering a malicious QR code, part 112m 11s
-
(Locked)
Activity: Filtering a malicious QR code, part 25m 31s
-
(Locked)
SQL injection, part 111m 4s
-
(Locked)
SQL injection, part 24m 13s
-
(Locked)
Object deserialization7m 20s
-
(Locked)
Activity: Installing Alamofire and SwiftyJSON pods3m 36s
-
(Locked)
Activity: Securely working with JSON, part 112m 49s
-
(Locked)
Activity: Securely working with JSON, part 29m 23s
-
WebView protection4m 48s
-
(Locked)
Activity: Protecting users against insecure UIWebView10m 44s
-
(Locked)
-
-
-
-
-
-