DVHMA Damn Vulnerable Hybrid Mobile App Logo

DVHMA Damn Vulnerable Hybrid Mobile App

0
Free
Visit Website

DVHMA is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, help developers better understand the common pitfalls in developing hybrid mobile apps securely. Motivation and Scope This app is developed to study pitfalls in developing hybrid apps, e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the main focus is to develop a deeper understanding of injection vulnerabilities that exploit the JavaScript to Java bridge. Installation Prerequisites We assume that the Android SDK (https://developer.android.com/sdk/index.html) and Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later versions might work) Moreover, we assume a basic familiarity with the build system of Apache Cordova. Building DVHMA Setting Environment Variables export ANDROID_HOME=<Android SDK Installation Directory> export PATH=$ANDROID_HOME/tools:$PATH export PATH=$ANDROID_HOME/platform-tools:$PATH Compiling DVHMA cd DVHMA-Featherweight cordova plugin add ../plugins/DVHMA-Storage cordova plugin add ../plugins/DVHMA-WebIntent cordova plugin add ../plugins/DVHMA-WebIntent

FEATURES

ALTERNATIVES

A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.

Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.

An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library with a focus on speed, reliability, and ease of integration.

A comprehensive guide to Android Security

An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.

A series of small test cases designed to exercise different parts of a static security analyzer

Simple script to check a domain's email protections and identify vulnerabilities.