iOS Application Web Application

Damn Vulnerable iOS Application (DVIA)

Damn Vulnerable iOS Application was born from the need to have a tool where a user can test their iOS penetration testing skills in a safe and legal environment. Also, this application can be used by mobile security enthusiasts and students to learn or review the basics of mobile application security.

Vulnerabilities and Challenges Include …

  • Insecure Data Storage
  • Extension Vulnerabilities
  • Attacks on third party libraries
  • Jailbreak Detection
  • Runtime Manipulation
  • Piracy Detection
  • Sensitive information in memory
  • Transport Layer Security (http, https, cert pinning)
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Security Decisions via Untrusted input
  • Side channel data leakage
  • Application Patching

All these vulnerabilities and their solutions have been tested up to iOS 8.2

The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.

Download at Github project and source code for DVIA can be found here

I started blogging around 2011 at #Ubuntupirates, #ProjectX and #pir8geek, I’m currently working as Network/Linux SysAdmin.

I’m a Linux,opensource advocate and interested in network security and InfoSec.

Leave a Reply