"Application developments for the iPhone and iPad have been skyrocketing in the past few years and although, based on Mac OSX, the development APIs are new and very specific to these devices. Ilja van Sprundel will discuss lessons learned from auditing iPhone and iPad applications. His presentation will cover the use of these APIs, why some of them aren't granular enough, why they might expose way too much attack surface, transport security, use of XML APIs, URL handling, use and misuse of UIWebView, format string bugs, and much more. He will discuss what apps are allowed to do when inside their sandbox once an application has been hacked. Ilja will cover problematic issues with common code patterns in iOS applications from a security point of view, and then offer possible solutions, workarounds, or mitigations."