Im wrapping up my Iphone app. Im just worried about security at our web server level. The data is being pulled over to the iphone app via web services.
What security measures can i put on the web services so that I am not vulnerable?
Thanks
Im wrapping up my Iphone app. Im just worried about security at our web server level. The data is being pulled over to the iphone app via web services.
What security measures can i put on the web services so that I am not vulnerable?
Thanks
A few pointers:
EDIT:
Have a look at this question for iPhone to .NET AES Interoperability.
It doesn't matter what you "put on" the WCF service if your WCF service is insecure. You must assume that an attacker can access your web service without the iPhone client. Is your web service vulnerable to sql injection? Are you exposing nasty functionality that could allow an attacker to read files on your server or to change another users account? Keep OWASP Injection flaws in mind. Use HTTPS to keep your clients safe from spilling information. The rest should be making sure the functionality you expose is safe.
An attacker will be able find any secret key or password you try and store in your iPhone binary or in memory. The attacker has more control over the iPhone than you do, he can jail break the device and then there is no place to hide.
You can secure your services with normal HTTP Auth, SSL if you're not using the web service payload to implement authentication. Are you the server side programmer too?