DVHMA Damn Vulnerable Hybrid Mobile App Logo

DVHMA Damn Vulnerable Hybrid Mobile App

0
Free
Visit Website

DVHMA is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, help developers better understand the common pitfalls in developing hybrid mobile apps securely. Motivation and Scope This app is developed to study pitfalls in developing hybrid apps, e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the main focus is to develop a deeper understanding of injection vulnerabilities that exploit the JavaScript to Java bridge. Installation Prerequisites We assume that the Android SDK (https://developer.android.com/sdk/index.html) and Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later versions might work) Moreover, we assume a basic familiarity with the build system of Apache Cordova. Building DVHMA Setting Environment Variables export ANDROID_HOME=<Android SDK Installation Directory> export PATH=$ANDROID_HOME/tools:$PATH export PATH=$ANDROID_HOME/platform-tools:$PATH Compiling DVHMA cd DVHMA-Featherweight cordova plugin add ../plugins/DVHMA-Storage cordova plugin add ../plugins/DVHMA-WebIntent cordova plugin add ../plugins/DVHMA-WebIntent

FEATURES

ALTERNATIVES

A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing

Simple script to check a domain's email protections and identify vulnerabilities.

Scans Alpine base images for vulnerabilities using Multi Stage builds in Docker 17.05

List of publicly disclosed vulnerabilities with security filters and detailed advisories.

A categorized collection of bug bounty write-ups for various vulnerabilities.

Advanced email reconnaissance tool leveraging public data.

kube-hunter hunts for security weaknesses in Kubernetes clusters.

A platform to learn SQL injection techniques and methods