About

Damn Vulnerable iOS Application was born from the need to have a tool where a user can test their iOS penetration testing skills in a safe and legal environment. Also, this application can be used by mobile security enthusiasts and students to learn or review the basics of mobile application security.

Vulnerabilities and Challenges Include …

  • Insecure Data Storage
  • Jailbreak Detection
  • Runtime Manipulation
  • Piracy Detection
  • Transport Layer Security
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Security Decisions via Untrusted input
  • Side channel data leakage
  • Application Patching

All these vulnerabilities and their solutions have been tested up to iOS 7.0.6.

The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.

Get Started

Here is a tutorial on how to get started with Damn Vulnerable iOS App.

Learn

I have written a blog series on iOS Application Security. The complete list of tutorials can be found below.

Solutions

While we have made available several free resources for learning iOS security, we have also made a solutions guide for the challenges in the application. This set of comprehensive guides is available at a cost of $19. To get an idea of what the solutions look like, you can download a free version that covers solutions for a couple of challenges. Once you buy these solutions, you are entitled to receive solutions for any new challenges that are added in future versions of this application. The proceeds from this purchase support the DVIA project and give us dedicated time to improve the application, add new challenges, etc.

You can download the demo version of solutions from here.

To buy the complete set of solutions, please click on the Buy Now button below. Once you have purchased the solutions, a download link for the solutions will be sent to your email.

Downloads

Note: The app will only work on iOS 7 devices; older versions of iOS are not supported. DVIA supports 64-bit devices as well.

Make sure to read this post on how to get started with using DVIA.

v1.2 – Launched on 11th March, 2014

Download the IPA file from here

v1.1 – Launched on 17th February, 2014

Download the IPA file from here

v1.0 – Launched on 3rd February, 2014

Download the IPA file from here

DVIA is free and open source. The GitHub project and source code for DVIA can be found here.

Please open DamnVulnerableIOSApp.xcworkspace to run the project from source code. Don’t use the file DamnVulnerableIOSApp.xcodeproj, as the build will fail. This is because DVIA uses CocoaPods.

Version History

v1.2 – Launched on 11th March, 2014

Added a new section with challenges in…

  • Piracy Detection

Also added new challenges in …

  • Runtime Manipulation
  • Application patching

Other changes include

  • Minor bug fixes
  • Some UI changes

v1.1 – Launched on 17th February, 2014

Added new Vulnerabilities and Challenges in …

  • Security Decisions via Untrusted input
  • Side Channel Data Leakage

Some bug fixes include…

  • Optimizations for iPad
  • Grammatical errors

Also, this app comes with a new app icon and launch image :-)

v1.0 – Launched on 3rd February, 2014

Vulnerabilities and Challenges Include …

  • Insecure Data Storage
  • Jailbreak Detection
  • Runtime Manipulation
  • Transport Layer Security
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Application Patching

The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pen-testing. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

Contact

Got a question? You can contact me on Twitter or LinkedIn, ask a question on Twitter or Stack Overflow with the hashtag #DVIA, or fill in the form below.
