Revision as of 20:02, 3 February 2014 by Jason Haddix (Talk | contribs)

Welcome to the Damn Vulnerable iOS Application home page.

Damn Vulnerable iOS Application is a project started by Prateek Gianchandani that gives mobile testers and developers an iOS application on which to practice attacking/defending skill sets. Each challenge area corresponds to an in-depth article designed to teach the fundamentals of mobile security on the iOS platform. Some challenge categories include multiple challenge types.

Current Challenge Categories:

  • Insecure Data Storage (4 exercises)
  • Jailbreak Detection (2 exercises)
  • Runtime Manipulation (3 exercises)
  • Transport Layer Security (1 exercise)
  • Client Side Injection (1 exercise)
  • Broken Cryptography (1 exercise)
  • Binary Patching (4 exercises)

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP iGoat Project (home page)
Purpose: The iGoat project aims to be a developer learning environment for iOS app developers. It was inspired by the OWASP WebGoat project, in particular the developer edition of WebGoat.

Similar to WebGoat (developer), the user is presented with a series of lessons surrounding numerous vulnerabilities associated with iOS apps. The student exploits each vulnerability to validate its existence, and then implements a remediation in the lesson's source code.

Further, iGoat is designed and implemented modularly, similar conceptually to WebGoat's modular Java EE servlet model. It is intended to provide a foundational framework to build lessons on top of, starting with a core set of lessons provided in the first release.

iGoat can be downloaded here: http://code.google.com/p/owasp-igoat/

License: GPL v3
who is working on this project?
Project Leader(s):
Project Contributor(s):
  • Jonathan Carter
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
OWASP iGoat Project Source (2.1): https://code.google.com/p/owasp-igoat/
last reviewed release
Not Yet Reviewed

other releases