netspi / swift.nv
Security Training Tool that demonstrates common mobile application vulnerabilities using Swift in iOS
License: GNU General Public License v2.0
Change the add item/edit item controllers to encrypt the item value.
Create the screens and functionality to take a picture or select a current photo and store it as a secret.
Create and document example of client side injection within the app.
Registration to local sqlite3 database
Create and document example of weak or no communication encryption as the app talks to the backend web service.
Create and document example of data leakage within the app.
Build in and document a format string vulnerability.
Need to write instructions for this, and build code for certificate pinning
Create and document example of the lack of binary protections within the app build process.
username/password stored in local sqlite database.
Create and document example of poor authorization /AND/ authentication within the app.
Create network communication functionality to talk to backend Swift.nV web service and perform the following:
Create the functionality to add a new secret to the local sqlite3 database.
Create the app tutorial and help screens that enumerates all of the internal vulnerabilities and explains how to find, exploit, and fix them.
Settings screen should allow the user to sync data between local copy and backend API. Create option to allow user to enable network storage of items.
Run through the tutorials and confirm that the vulnerabilities still work in iOS 9 simulators with Xcode 7.
Create and document example of broken cryptography within the app.
After logging into the swift.nv application, I am not able to find the "com.nvisium.Swift-nV.plist" file inside ~/Library/Developer/CoreSimulator/Devices/ /data/library/Preferences
Could you please help me out?
Thanks in advance
Mahesh
Create and document example of insecure data storage within the app.
Edit Item should open without showing the actual value of the "secret". Hide the value when screen inits and create a show/hide button.
The register function in NVRegisterViewController.swift needs
_ = NSURLConnection(request: request, delegate: self, startImmediately: true)
right after the request is set up. Must have been deleted accidentally.
The Edit Item screen should have a button to copy the value of the secret to the clipboard.
Create an example of weak server side controls with backend API and App.
Create and document example of improper session handling within the app.
Swift 2.3 is deprecated. When you compile the project it complains and asks us to convert to Swift 3.
Create and document example of making poor security decisions based on untrusted inputs within the app.
Download beta 5. Make any necessary changes to code to support most recent beta.
Screen to display all of the stored secrets from the local sqlite/coredata database
Looks like the project will need to be updated to Swift 2.0 syntax
Build in and document an Integer Overflow vulnerability
Noticed that if running the app without the API it continues showing the "registering..." message indicator (which is truncated). It should, however, display a message similar to "Communication to API: localhost:4567 has timed out" to alert users of the presence of an API, if they aren't aware.
Create a backend web service for Swift.nV (preferably RESTful service) that provides the following functionality:
Allow user to choose to store items in CloudKit.