netspi / swift.nv
Security Training Tool that demonstrates common mobile application vulnerabilities using Swift in iOS
License: GNU General Public License v2.0
Create and document example of poor authorization /AND/ authentication within the app.
Swift 2.3 is deprecated. When you compile the project it complains and asks us to convert to Swift 3.
The register function in NVRegisterViewController.swift needs
_ = NSURLConnection(request: request, delegate: self, startImmediately: true)
right after the request is set up. Must have been deleted accidentally.
Create the screens and functionality to take a picture or select a current photo and store it as a secret.
Create and document example of the lack of binary protections within the app build process.
username/password stored in local sqlite database.
Create and document example of weak or no communication encryption as the app talks to the backend web service.
Create an example of weak server side controls with backend API and App.
Noticed that if running the app without the API it continues showing the "registering..." message indicator (which is truncated). It should, however, display a message similar to "Communication to API: localhost:4567 has timed out" to alert users of the presence of an API, if they aren't aware.
Need to write instructions for this, and build code for certificate pinning
Change the add item/edit item controllers to encrypt the item value.
After logging in to the swift.nv application I am not able to find the "com.nvisium.Swift-nV.plist" file inside ~/Library/Developer/CoreSimulator/Devices/ /data/library/Preferences
Could you please help me out?
Thanks in advance
Mahesh
Create a backend web service for Swift.nV (preferably RESTful service) that provides the following functionality:
Looks like the project will need to be updated to Swift 2.0 syntax
Download beta 5. Make any necessary changes to code to support most recent beta.
Create network communication functionality to talk to backend Swift.nV web service and perform the following:
Create and document example of making poor security decisions based on untrusted inputs within the app.
Create the app tutorial and help screens that enumerate all of the internal vulnerabilities and explain how to find, exploit, and fix them.
Screen to display all of the stored secrets from the local sqlite/coredata database
Create and document example of client side injection within the app.
Create the functionality to add a new secret to the local sqlite3 database.
Build in and document an Integer Overflow vulnerability
Registration to local sqlite3 database
Settings screen should allow the user to sync data between local copy and backend API. Create option to allow user to enable network storage of items.
Create and document example of insecure data storage within the app.
Edit Item should open without showing the actual value of the "secret". Hide the value when screen inits and create a show/hide button.
Create and document example of improper session handling within the app.
The Edit Item screen should have a button to copy the value of the secret to the clipboard.
Run through the tutorials and confirm that the vulnerabilities still work in iOS 9 simulators with Xcode 7.
Build in and document a format string vulnerability.
Create and document example of broken cryptography within the app.
Allow user to choose to store items in CloudKit.
Create and document example of data leakage within the app.