
oversecured / OversecuredVulnerableiOSApp

Licence: BSD-2-Clause license
Oversecured Vulnerable iOS App

Programming Languages

swift
15916 projects
ruby
36898 projects - #4 most used programming language

Projects that are alternatives of or similar to OversecuredVulnerableiOSApp

Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+1231.16%)
Mutual labels:  mobile-security, ios-security
vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+388.41%)
Mutual labels:  appsec, vulnerable-application
Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+7300%)
Mutual labels:  mobile-security, ios-security
Ovaa
Oversecured Vulnerable Android App
Stars: ✭ 152 (+10.14%)
Mutual labels:  mobile-security, appsec
Evabs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (+25.36%)
Mutual labels:  mobile-security
Vyapi
VyAPI - A cloud based vulnerable hybrid Android App
Stars: ✭ 75 (-45.65%)
Mutual labels:  mobile-security
Pivaa
Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
Stars: ✭ 71 (-48.55%)
Mutual labels:  mobile-security
Frida Snippets
Hand-crafted Frida examples
Stars: ✭ 1,081 (+683.33%)
Mutual labels:  mobile-security
awesome-security-articles
This repository contains links to awesome security articles.
Stars: ✭ 33 (-76.09%)
Mutual labels:  appsec
SSI Extra Materials
In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them
Stars: ✭ 42 (-69.57%)
Mutual labels:  appsec
Apkleaks
Scanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+1861.59%)
Mutual labels:  mobile-security
Rms Runtime Mobile Security
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
Stars: ✭ 1,194 (+765.22%)
Mutual labels:  mobile-security
Command Mobile Penetration Testing Cheatsheet
Mobile penetration testing android & iOS command cheatsheet
Stars: ✭ 221 (+60.14%)
Mutual labels:  mobile-security
Testowanieoprogramowania
Software testing - A book for beginner testers
Stars: ✭ 146 (+5.8%)
Mutual labels:  mobile-security
vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
Stars: ✭ 36 (-73.91%)
Mutual labels:  appsec
Appmon
Documentation:
Stars: ✭ 1,157 (+738.41%)
Mutual labels:  mobile-security
Grapefruit
(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
Stars: ✭ 235 (+70.29%)
Mutual labels:  mobile-security
Iosreextension
A fast and elegant extension for VSCode used for iOSre projects.
Stars: ✭ 139 (+0.72%)
Mutual labels:  mobile-security
android-stalkerware
Various analysis of Android stalkerware
Stars: ✭ 88 (-36.23%)
Mutual labels:  mobile-security
mobilehacktools
A repository for scripting a mobile attack toolchain
Stars: ✭ 61 (-55.8%)
Mutual labels:  mobile-security

Description

Oversecured Vulnerable iOS App is an iOS app that aggregates all the platform's known and popular security vulnerabilities.

List of vulnerabilities

This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from this intentionally vulnerable app will receive detailed examination and analysis on our blog.

  1. iTunes file sharing enabled in Info.plist, allowing files in the Documents directory to be browsed and accessed.
  2. Session theft via the ovia://deeplink/webview?url=... deeplink.
  3. Overwriting of arbitrary files via the ovia://deeplink/save?data=...&name=... deeplink.
  4. Memory corruption via the ovia://deeplink/save?data=...&name=...&offset=... deeplink.
  5. HTML injection via the ovia://deeplink/alert?message=... deeplink.
  6. Hardcoded AES encryption key and IV in Crypto.swift.
  7. Caching left enabled (not disabled) in NetworkCalls.swift, which saves credentials onto the device.
  8. Insecure ATS configuration in Info.plist that allows insecure connections.
  9. Dumping of the cache file to public storage in MainViewController.swift.

Licensed under the Simplified BSD License

Copyright (c) 2023, Oversecured Inc

https://oversecured.com/
