Smartphones are powerful and popular, with more than thousands of new mobile apps hitting the market everyday. Apps and mobile devices often rely on consumers' data, including private information, photos, and location, that can be vulnerable to data breaches, surveillance and real-world thieves.
When developing a mobile application, developer has to fulfill high security requirements, established for apps that deal with confidential data of the users.
If you are a developer then responsibilities for providing security to the users is very high in comparison to functionality you are going to feed into the app. e.g. A vulnerability found in Starbucks' iOS app could have caused a massive financial data loss. It is always important for all app developers to have enough knowledge about major Mobile platform Security threats and its countermeasures.
Today we would like to introduce open source 'Damn Vulnerable IOS App (DVIA)' developed by Prateek Gianchandani, a Mobile Security Expert. DVIA is a platform for mobile security enthusiasts, professionals or students to test their iOS penetration testing skills in a legal environment.
The application provides a damn vulnerable platform that cover almost all common vulnerabilities found in iOS applications, including:
- Insecure Data Storage
- Jailbreak Detection
- Runtime Manipulation
- Transport Layer Security
- Client Side Injection
- Information Disclosure
- Broken Cryptography
- Application Patching
Among with DVIA application, Prateek has also published a series of tutorials for those who want to learn IOS Application Pen-testing.
You can download it from Github page and can install on devices running IOS 7 or later. This is the best recommended app to practice the basics of mobile application security.