OWASP DVIA

= Main  =

Welcome to the Damn Vulnerable iOS Application home page.

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try. This application also contains a section where a user can read various articles on iOS application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested upto iOS 7.0.4.

Current Challenge Categories:


 * Insecure Data Storage (4 exercises)
 * Jailbreak Detection (2 exercises)
 * Runtime Manipulation (3 exercises)
 * Transport Layer Security (1 exercise)
 * Client Side Injection (1 exercise)
 * Broken Cryptography (1 exercise)
 * Binary Patching (4 exercises)
 * Side Channel Data Leakage (4 exercises)
 * Security Decisions via untrusted input (1 exercise)

= Framework =

Damn Vulnerable iOS App (DVIA) is open source and its source is available at the url https://github.com/prateek147/DVIA If you are interested in contributing, you can contact the author at prateek.searchingeye@gmail.com

= Status =

v1.1 – Launched on 17th February, 2014

Added new Vulnerabilities and Challenges in …


 * Security Decisions via Untrusted input
 * Side Channel Data Leakage

Some bug fixes include…


 * Optimizations for iPad
 * Grammatical errors

Also, this app comes with a new app icon and launch image.

v1.0 – Launched on 3rd February, 2014

Vulnerabilities and Challenges Include …


 * Insecure Data Storage
 * Jailbreak Detection
 * Runtime Manipulation
 * Transport Layer Security
 * Client Side Injection
 * Information Disclosure
 * Broken Cryptography
 * Application Patching

= Project About =

Damn Vulnerable iOS application is a project started by Prateek Gianchandani (@prateekg147) which gives mobile testers and developers an iOS application to practice attacking/defending skill sets. Each challenge area corresponds to an in-depth article designed to teach the fundamentals of mobile security on the iOS platform. Some challenge categories include multiple challenge types. You can download the app from here.