
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

Primary Language: C. License: GNU General Public License v3.0 (GPL-3.0)

GSOC 2019



This is a Swift version of the original iGoat Objective C project. Using OWASP iGoat, you can learn to exploit and defend against vulnerabilities in iOS Swift applications. Developed using Swift 4.

iGoat (Objective C) was presented at: AppSec USA 2017, c0c0n 2017, SEC-T 2017, BruCON 2017, Bugcrowd Levelup 2017

Download iGoat Documentation: https://docs.igoatapp.com/

Vulnerabilities Covered (version 1.0):

Summary Snapshot
OWASP TOP 10 Mobile

* Reverse Engineering
* Runtime Analysis
* Data Protection (Rest)
* Data Protection (Transit)
* Key Management
* Tampering
* Injection Flaws
* Broken Cryptography
* Memory Management
* URL Scheme Attack
* Social Engineering
* SSL Pinning
* Authentication
* Jailbreak Detection
* Side Channel Data Leaks
* Cloud Misconfiguration
* Crypto Challenges

Demo


Documentation: iGoat Wiki

iGoat Quick Setup

git clone https://github.com/OWASP/iGoat-Swift.git and open iGoat-Swift.xcodeproj with Xcode.

Setup iGoat Server

Navigate to server > docker_packaging and then use the command docker compose up

Using Cydia Repo

Open Cydia -> Sources -> Edit, add the source http://swiftigoat.yourepo.com/, then search for iGoat and install it.

Project Lead - Swaroop Yermalkar

Lead Developer - Anthony Gonsalves

Architecture


How to Contribute?

  • Add new exercises
  • Test iGoat and check for any issues
  • Suggest new attacks to us
  • Write blogs / articles about iGoat
  • Spread the word about iGoat :)

To contribute to the iGoat project, please contact Swaroop (swaroop.yermalkar@owasp.org or @swaroopsy)

Project Contributors -

Junard Lebajan
Tim
masbog
Arun
Your name can be here :) We give a cool iGoat t-shirt and swag!