Damn Vulnerable iOS Application was born from the need to have a tool where a user can test their iOS penetration testing skills in a safe and legal environment. Also, this application can be used by mobile security enthusiasts and students to learn or review the basics of mobile application security.
Vulnerabilities and Challenges Include …
- Insecure Data Storage
- Extension Vulnerabilities
- Attacks on third-party libraries
- Jailbreak Detection
- Runtime Manipulation
- Piracy Detection
- Sensitive information in memory
- Transport Layer Security (HTTP, HTTPS, cert pinning)
- Client Side Injection
- Information Disclosure
- Broken Cryptography
- Security Decisions via Untrusted input
- Side channel data leakage
- Application Patching
All these vulnerabilities and their solutions have been tested up to iOS 8.2.
The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.
This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.
DVIA can be downloaded from its GitHub project, where the source code is also available.