netspi / swift.nv Goto Github PK

Change the add item/edit item controllers to encrypt the item value.

Create the screens and functionality to take a picture or select a current photo and store it as a secret.

Create and document example of client side injection within the app.

Registration to local sqlite3 database

Create and document example of weak or no communication encryption as the app talks to the backend web service.

Create and document example of data leakage within the app.

PFA screenshot

Build in and document a format string vulnerability.

Need to write instructions for this, and build code for certificate pinning

Create and document example of the lack of binary protections within the app build process.

username/password stored in local sqlite database.

Create and document example of poor authorization /AND/ authentication within the app.

Create network communication functionality to talk to backend Swift.nV web service and perform the following:

• Register User
• Authenticate User
• Store Items
• Retrieve Items

Create the functionality to add a new secret to the local sqlite3 database.

Create the app tutorial and help screens that enumerates all of the internal vulnerabilities and explains how to find, exploit, and fix them.

Settings screen should allow the user to sync data between local copy and backend API. Create option to allow user to enable network storage of items.

Run through the tutorials and confirm that the vulnerabilities still work in iOS 9 simulators with Xcode7.

Create and document example of broken cryptography within the app.

After login into swift.nv application i cant able to find out the "com.nvisium.Swift-nV.plist" file inside ~/Library/Developer/CoreSimulator/Devices/ /data/library/Preferences

Could you please help me out

Thanks in advance
Mahesh

Create and document example of insecure data storage within the app.

Edit Item should open without showing the actual value of the "secret". Hide the value when screen inits and create a show/hide button.

The register function in NVRegisterViewController.swift needs
_ = NSURLConnection(request: request, delegate: self, startImmediately: true)
right after the request is set up. Must have been deleted accidentally.

1. I started local server using #ruby api.rb
2. Started the app and all url's in plist are localhost.
3. I'm able to register on app.
4. However I'm to login into app using registered details.
   I've attached screenshots for same.
   
   

The Edit Item screen should have a button to copy the value of the secret to the clipboard.

Create an example of weak server side controls with backend API and App.

Create and document example of improper session handling within the app.

Swift 2.3 is deprecated. When you compile the project it complains and asks us to convert to swift 3.

Create and document example of making poor security decisions based on untrusted inputs within the app.

Download beta 5. Make any necessary changes to code to support most recent beta.

Screen to display all of the stored secrets from the local sqlite/coredata database

Looks like the project will need to be updated to Swift 2.0 syntax

Build in and document an Integer Overflow vulnerability

Noticed that if running the app without the API it continues showing the "registering..." message indicator (which is truncated.) It should, however, display a message similar to Communication to API: localhost:4567 has timedout to alert users of the presence of an API, if they aren't aware.

Create a backend web service for Swift.nV (preferably RESTful service) that provides the following functionality:

• Register User
• Authenticate User
• Store Items
• Retrieve Items

Allow user to choose to store items in CloudKit.