About

Damn Vulnerable iOS Application was born from the need to have a tool where a user can test their iOS penetration testing skills in a safe and legal environment. Also, this application can be used by mobile security enthusiasts and students to learn or review the basics of mobile application security.

Vulnerabilities and Challenges Include …

  • Insecure Data Storage
  • Jailbreak Detection
  • Runtime Manipulation
  • Piracy Detection
  • Sensitive information in memory
  • Transport Layer Security (HTTP, HTTPS, cert pinning)
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Security Decisions via Untrusted input
  • Side channel data leakage
  • Application Patching

All these vulnerabilities and their solutions have been tested up to iOS 8.1.

The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.

Get Started

Here is a tutorial on how to get started with Damn Vulnerable iOS App.

Learn

I have written a blog series on iOS Application Security. The complete list of tutorials can be found below.

Solutions

While we have made available several free resources for learning iOS security, we have also made a solutions guide for the challenges in the application. This set of comprehensive guides is available at a cost of $19. To get an idea of what the solutions look like, you can download a free version that covers solutions for a couple of challenges. Once you buy these solutions, you are entitled to receive solutions for any new challenges that are added in future versions of this application. The proceeds from this purchase support the DVIA project and give us dedicated time to improve the application, add new challenges, etc.

You can download the demo version of solutions from here.

To buy the complete set of solutions, please click on the Buy Now button below. Once you have purchased the solutions, a download link for the solutions will be sent to your email.

Downloads

Note: DVIA is available “free for personal use” only. If you want to use the app for commercial purposes, please get in touch via the contact page.

The app will only work on iOS 7/8 devices; older versions of iOS are not supported. DVIA supports 64-bit devices as well.

Make sure to read this post on how to get started with using DVIA.

Download the deb file from here
Download the IPA file from here

The GitHub project and source code for DVIA can be found here.

Contact

Got a question? You can contact me on Twitter or LinkedIn, ask a question on Twitter or Stack Overflow with the hashtag #DVIA, or fill in the form below.
