DVHMA Damn Vulnerable Hybrid Mobile App
DVHMA is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, help developers better understand the common pitfalls in developing hybrid mobile apps securely. Motivation and Scope This app is developed to study pitfalls in developing hybrid apps, e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the main focus is to develop a deeper understanding of injection vulnerabilities that exploit the JavaScript to Java bridge. Installation Prerequisites We assume that the Android SDK (https://developer.android.com/sdk/index.html) and Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later versions might work) Moreover, we assume a basic familiarity with the build system of Apache Cordova. Building DVHMA Setting Environment Variables export ANDROID_HOME=<Android SDK Installation Directory> export PATH=$ANDROID_HOME/tools:$PATH export PATH=$ANDROID_HOME/platform-tools:$PATH Compiling DVHMA cd DVHMA-Featherweight cordova plugin add ../plugins/DVHMA-Storage cordova plugin add ../plugins/DVHMA-WebIntent cordova plugin add ../plugins/DVHMA-WebIntent
FEATURES
ALTERNATIVES
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
Scans Alpine base images for vulnerabilities using Multi Stage builds in Docker 17.05
Python-based extension for integrating a Yara scanner into Burp Suite for on-demand website scans based on custom rules.
CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
A Powershell script for assessing the security configurations of Siemens - SIMATIC PCS 7 OS client, OS Server or Engineering station.
The CVE Program catalogs publicly disclosed cybersecurity vulnerabilities.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.