Prateek Gianchandani edited this page Feb 16, 2014 · 3 revisions

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform for mobile security enthusiasts, professionals and students to test their iOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities found in iOS applications (following the OWASP Top 10 Mobile Risks) and contains several challenges that the user can try. This application also contains a section where a user can read various articles on iOS application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 7.0.4.

Vulnerabilities and Challenges Include …

  • Insecure Data Storage
  • Jailbreak Detection
  • Runtime Manipulation
  • Transport Layer Security
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Application Patching

All these vulnerabilities and their solutions have been tested up to iOS 7.0.4

The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.

Here is a tutorial on how to get started with Damn Vulnerable iOS App.

I have written a blog series on iOS Application Security. The complete list of tutorials can be found below. These tutorials can be found at http://highaltitudehacks.com/security

  • iOS Application security Part 1 – Setting up a mobile pen-testing platform
  • iOS Application security Part 2 – Getting class information of IOS app
  • iOS Application security Part 3 – Understanding the Objective-C Runtime
  • iOS Application Security Part 4 – Runtime Analysis Using Cycript (Yahoo Weather App)
  • iOS Application security Part 5 – Advanced Runtime analysis and manipulation using Cycript (Yahoo Weather App)
  • iOS Application Security Part 6 – New Security Features in IOS 7
  • iOS Application Security Part 7 – Installing and Running Custom Applications on Device without a registered developer account
  • iOS Application Security Part 8 – Method Swizzling using Cycript
  • iOS Application Security Part 9 – Analyzing Security of iOS Applications using Snoop-it
  • iOS Application Security Part 10 – iOS Filesystem and Forensics
  • iOS Application Security Part 11 – Analyzing Network Traffic over HTTP/HTTPS
  • iOS Application Security Part 12 – Dumping Keychain Data
  • iOS Application Security Part 13 – Booting a custom Ramdisk using Sogeti Data Protection tools
  • iOS Application Security Part 14 – Gathering information using Sogeti Data Protection tools
  • iOS Application Security Part 15 – Static Analysis of iOS Applications using iNalyzer
  • iOS Application Security Part 16 – Runtime Analysis of iOS Applications using iNalyzer
  • iOS Application Security Part 17 – Black-Box Assessment of iOS Applications using INTROSPY
  • iOS Application Security Part 18 – Detecting custom signatures with Introspy
  • iOS Application Security Part 19 – Programmatical Usage of Introspy
  • iOS Application Security Part 20 – Local Data Storage
  • iOS Application Security Part 21 – ARM and GDB Basics
  • iOS Application Security Part 22 – Runtime Analysis and Manipulation using GDB
  • iOS Application Security Part 23 – Defending against runtime analysis and manipulation
  • iOS Application Security Part 24 – Jailbreak Detection and Evasion
  • iOS Application Security Part 25 – Secure Coding Practices for IOS Development
  • iOS Application Security Part 26 – Patching IOS Applications using IDA Pro and Hex Fiend
  • iOS Application Security Part 27 – Setting up a mobile pentesting environment with IOS 7 Jailbreak
  • iOS Application Security Part 28 – Patching IOS Application with Hopper
  • iOS Application Security Part 29 – Insecure or Broken Cryptography