iGoat - A Deliberately Insecure iOS Application

iGoat - Security Learning Tool

iGoat is a security learning tool for iOS developers (iPhone, iPad, etc.).

It is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.


The lessons are laid out in the following steps:
  1. Brief introduction to the problem.
  2. Verify the problem by exploiting it.
  3. Brief description of available remediations to the problem.
  4. Fix the problem by correcting and rebuilding the iGoat program.
Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.


Vulnerabilities:

  • Key Management
    • Hardcoded Encryption Keys
    • Key Storage Server Side
    • Random Key Generation
  • URL Scheme Attack
  • Social Engineering
  • Reverse Engineering
    • String Analysis
  • Data Protection (Rest)
    • Local Data Storage (SQLite)
    • Plist Storage
    • Keychain Usage
    • NSUserDefaults Storage
  • Data Protection (Transit)
    • Server Communication
    • Public Key Pinning
  • Authentication
    • Remote Authentication
  • Side Channel Data Leaks
    • Device Logs
    • Cut-and-Paste
    • Backgrounding
    • Keystroke Logging
  • Tamepring
    • Method Swizzling
  • Injection Flaws
    • SQL Injection
    • Cross Site Scripting
  • Broken Cryptography




Source: www.effecthacking.com
iGoat - A Deliberately Insecure iOS Application iGoat - A Deliberately Insecure iOS Application Reviewed by Unknown on 12:14 AM Rating: 5