Thursday, 10 October 2024

Damn Vulnerable iOS Application (DVIA)

Damn Vulnerable iOS Application was born from the need to have a tool where a user can test their iOS penetration testing skills in a safe and legal environment. Also, this application can be used by mobile security enthusiasts and students to learn or review the basics of mobile application security.
Vulnerabilities and Challenges Include …

  • Insecure Data Storage
  • Extension Vulnerabilities
  • Attacks on third-party libraries
  • Jailbreak Detection
  • Runtime Manipulation
  • Piracy Detection
  • Sensitive information in memory
  • Transport Layer Security (HTTP, HTTPS, cert pinning)
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Security Decisions via Untrusted input
  • Side channel data leakage
  • Application Patching

All these vulnerabilities and their solutions have been tested up to iOS 8.2.
The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.
This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.
Download: the GitHub project and source code for DVIA can be found here.
