iGoat - A Deliberately Insecure iOS Application
iGoat is a security learning tool for iOS developers (iPhone, iPad, etc.).
It is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.
The lessons are laid out in the following steps:
- Brief introduction to the problem.
- Verify the problem by exploiting it.
- Brief description of available remediations to the problem.
- Fix the problem by correcting and rebuilding the iGoat program.
Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.
Vulnerabilities:
- Key Management
- Hardcoded Encryption Keys
- Key Storage Server Side
- Random Key Generation
- URL Scheme Attack
- Social Engineering
- Reverse Engineering
- String Analysis
- Data Protection (Rest)
- Local Data Storage (SQLite)
- Plist Storage
- Keychain Usage
- NSUserDefaults Storage
- Data Protection (Transit)
- Server Communication
- Public Key Pinning
- Authentication
- Remote Authentication
- Side Channel Data Leaks
- Device Logs
- Cut-and-Paste
- Backgrounding
- Keystroke Logging
- Tamepring
- Method Swizzling
- Injection Flaws
- SQL Injection
- Cross Site Scripting
- Broken Cryptography
Source: www.effecthacking.com
iGoat - A Deliberately Insecure iOS Application
Reviewed by Anonymous
on
12:14 AM
Rating:
Reviewed by Anonymous
on
12:14 AM
Rating:
