Difference between revisions of "Projects/OWASP Mobile Security Project - Mobile Tools"

From OWASP
Line 18: Line 18:
  
 
== iGoat ==
 
== iGoat ==
 +
 +
iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.
 +
 +
As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.
 +
 +
The lessons are laid out in the following steps:
 +
 +
# Brief introduction to the problem.
 +
# Verify the problem by exploiting it.
 +
# Brief description of available remediations to the problem.
 +
# Fix the problem by correcting and rebuilding the iGoat program.
 +
 +
Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.
 +
 +
iGoat is free software, released under the GPLv3 license.
  
 
[https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Dangers_of_Jailbreaking_and_Rooting_Mobile_Devices Dangers of Jailbreaking & Rooting Mobile Devices]
 
[https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Dangers_of_Jailbreaking_and_Rooting_Mobile_Devices Dangers of Jailbreaking & Rooting Mobile Devices]
  
 
== MobiSec ==
 
== MobiSec ==
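
Review bot: The added iGoat section stops at the line "iGoat is free software, released under the GPLv3 license." without a project page or source code link, while the iMAS and GoatDroid sections in this revision each carry both. Add the iGoat project page and source links after the license line so a reader can get from this description to the tool itself. The sentence "Step 4 is optional" also depends on the four "#" items rendering as a single numbered list, so keep those list lines contiguous in the wikitext.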

Revision as of 09:44, 22 May 2013


iMAS

iMAS is a collaborative research project from the MITRE Corporation focused on open source iOS security controls. Today, iOS meets the enterprise security needs of customers; however, many security experts cite critical vulnerabilities and have demonstrated exploits, which pushes enterprises to augment iOS deployments with commercial solutions. The intent of iMAS is to protect iOS applications and data beyond the Apple-provided security model and to reduce the adversary’s ability and efficiency to perform recon, exploitation, control and execution on iOS mobile applications. iMAS will transform the effectiveness of the existing iOS security model across major vulnerability areas including the System Passcode, jailbreak, debugger / run-time, flash storage, and the system keychain. Research outcomes include an open source secure application framework, including an application container, developer and validation tools/techniques.

iMAS Project Page

The source code for iMAS is available on GitHub: Source Code

GoatDroid

The OWASP GoatDroid Project is a fully functional and self-contained environment for learning about Android security.

GoatDroid requires minimal dependencies and is ideal for both Android beginners and more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application.

You can find GoatDroid on GitHub: Source Code

GoatDroid Project Page

iGoat

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

  1. Brief introduction to the problem.
  2. Verify the problem by exploiting it.
  3. Brief description of available remediations to the problem.
  4. Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

Dangers of Jailbreaking & Rooting Mobile Devices

MobiSec