iOS Testing
This guide covers iOS/iPadOS 13 – 17 application penetration testing. It may work fine on older iOS versions, but I do not usually perform testing activities on those older versions of iOS.
Apple Security Guide
With each major iOS release, Apple updates the Platform Security guide. This guide describes the overall implementation of security features - both hardware and software - for the latest release. To fully understand the security features of both the device and iOS, it is recommended that you read through the security guide.
The latest guide is located at: https://support.apple.com/en-ca/guide/security/welcome/web
OWASP Mobile Top 10 (2024)
M1: Improper Credential Usage
M2: Inadequate Supply Chain Security
M3: Insecure Authentication/Authorization
M4: Insufficient Input/Output Validation
M5: Insecure Communication
M6: Inadequate Privacy Controls
M7: Insufficient Binary Protections
M8: Security Misconfiguration
M9: Insecure Data Storage
M10: Insufficient Cryptography
OWASP Mobile Testing Guide
OWASP produces a very good mobile application penetration testing guide. It covers both Android and iOS, and is frequently updated. For a more complete guide to testing procedures, I highly recommend that you use the OWASP guide during any testing engagements!