Wednesday, April 2, 2014

Damn Vulnerable iOS Application - Mobile Security Research Labs | Mobile Security Research Labs

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform for mobile security enthusiasts, professionals, and students to test their iOS penetration testing skills in a legal environment. The application covers all the common vulnerabilities found in iOS applications (following the OWASP Top 10 mobile risks) and contains several challenges that the user can try. It also contains a section where a user can read various articles on iOS application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 7.0.4.




Vulnerabilities and Challenges Include …


  • Insecure Data Storage
  • Jailbreak Detection
  • Runtime Manipulation
  • Transport Layer Security
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Security Decisions via Untrusted input
  • Side channel data leakage
  • Application Patching

All these vulnerabilities and their solutions have been tested up to iOS 7.0.4.


The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS application pentesting. Every challenge/vulnerability has a link to a tutorial that users can read to learn more about that topic.


This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.


The app itself is free and can be downloaded from here, but the solutions can be purchased for a cost of $19.


