Settings screen should allow the user to sync data between local copy and backend API. Create option to allow user to enable network storage of items.

Create and document example of insecure data storage within the app.

The Edit Item screen should have a button to copy the value of the secret to the clipboard.

Run through the tutorials and confirm that the vulnerabilities still work in iOS 9 simulators with Xcode7.

Create the app tutorial and help screens that enumerates all of the internal vulnerabilities and explains how to find, exploit, and fix them.

Create and document example of making poor security decisions based on untrusted inputs within the app.

Looks like the project will need to be updated to Swift 2.0 syntax

Create and document example of broken cryptography within the app.

Download beta 5. Make any necessary changes to code to support most recent beta.

Build in and document an Integer Overflow vulnerability

Create a backend web service for Swift.nV (preferably RESTful service) that provides the following functionality:

• Register User
• Authenticate User
• Store Items
• Retrieve Items

The register function in NVRegisterViewController.swift needs
_ = NSURLConnection(request: request, delegate: self, startImmediately: true)
right after the request is set up. Must have been deleted accidentally.

Create and document example of data leakage within the app.

Allow user to choose to store items in CloudKit.

After login into swift.nv application i cant able to find out the "com.nvisium.Swift-nV.plist" file inside ~/Library/Developer/CoreSimulator/Devices/ /data/library/Preferences

Could you please help me out

Thanks in advance
Mahesh

Create and document example of the lack of binary protections within the app build process.

username/password stored in local sqlite database.

Screen to display all of the stored secrets from the local sqlite/coredata database

Create and document example of improper session handling within the app.

Swift 2.3 is deprecated. When you compile the project it complains and asks us to convert to swift 3.

PFA screenshot

Create and document example of poor authorization /AND/ authentication within the app.

Registration to local sqlite3 database

Create the functionality to add a new secret to the local sqlite3 database.

Change the add item/edit item controllers to encrypt the item value.

1. I started local server using #ruby api.rb
2. Started the app and all url's in plist are localhost.
3. I'm able to register on app.
4. However I'm to login into app using registered details.
   I've attached screenshots for same.
   
   

Noticed that if running the app without the API it continues showing the "registering..." message indicator (which is truncated.) It should, however, display a message similar to Communication to API: localhost:4567 has timedout to alert users of the presence of an API, if they aren't aware.

Create the screens and functionality to take a picture or select a current photo and store it as a secret.

Need to write instructions for this, and build code for certificate pinning

Edit Item should open without showing the actual value of the "secret". Hide the value when screen inits and create a show/hide button.

Create network communication functionality to talk to backend Swift.nV web service and perform the following:

• Register User
• Authenticate User
• Store Items
• Retrieve Items

Create and document example of client side injection within the app.

Build in and document a format string vulnerability.

Create and document example of weak or no communication encryption as the app talks to the backend web service.

Create an example of weak server side controls with backend API and App.