DVHMA Damn Vulnerable Hybrid Mobile App Logo

DVHMA Damn Vulnerable Hybrid Mobile App

0
Free
Visit Website

DVHMA is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, help developers better understand the common pitfalls in developing hybrid mobile apps securely. Motivation and Scope This app is developed to study pitfalls in developing hybrid apps, e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the main focus is to develop a deeper understanding of injection vulnerabilities that exploit the JavaScript to Java bridge. Installation Prerequisites We assume that the Android SDK (https://developer.android.com/sdk/index.html) and Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later versions might work) Moreover, we assume a basic familiarity with the build system of Apache Cordova. Building DVHMA Setting Environment Variables export ANDROID_HOME=<Android SDK Installation Directory> export PATH=$ANDROID_HOME/tools:$PATH export PATH=$ANDROID_HOME/platform-tools:$PATH Compiling DVHMA cd DVHMA-Featherweight cordova plugin add ../plugins/DVHMA-Storage cordova plugin add ../plugins/DVHMA-WebIntent cordova plugin add ../plugins/DVHMA-WebIntent

FEATURES

ALTERNATIVES

A vulnerability scanner that helps you identify and fix vulnerabilities in your code

A tool for detecting secrets in your code

SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.

A tool that assesses AWS accounts for subdomain hijacking vulnerabilities in Route53 and CloudFront configurations.

A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.

Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.

A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.

Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.