The Swift language was born on the client side, but since it was open-sourced in late 2015, it has gained wide momentum in the server community. However, security and the threat vectors that the move introduces are among the challenges of bringing Swift to the server side. Understanding these threats and designing proper protection mechanisms is crucial before end-to-end Swift applications can be written and deployed.
Gelareh Taban explains how security can be built into a Swift server application, using an end-to-end Swift app to demonstrate how a client can communicate with a web service securely and access service resources with proper authentication and authorization. Gelareh discusses best practices in using the new Swift security frameworks as well as the Swift language itself, illustrating how building upon the safety features of the language can prevent many common vulnerabilities that plague servers, thus reducing their attack surface.
Gelareh Taban is the security lead for the Swift@IBM team in Austin, TX, where she is responsible for the security of the Swift server runtime as well as the security of the Swift@IBM applications Swift Sandbox and the Swift Package Catalog. Previously, Gelareh was a researcher with IBM Austin Research Lab (ARL) and Samsung Research America in Dallas and a security engineer on Apple’s Application Security team. She holds a PhD from the University of Maryland, College Park, where her research focused on key management and secure data aggregation.
©2017, O'Reilly Media, Inc.