Update iOS Swift!
What-a-Terrible-Failure Mobile Banking Application (WaTF-Bank), written in Java, Swift 4, Objective-C and Python (Flask framework) as a backend server, is designed to simulate a "real-world" web services-enabled mobile banking application that contains over 30 vulnerabilities.
The objective of this project:
- Application developers, programmers and architects can understand and consider how to create secure software by investigating the vulnerable app (WaTF-Bank) on both Android and iOS platforms.
- Penetration testers can practice security assessment skill in order to identify and understand the implication of the vulnerable app.
OWASP Mobile Top 10 2016 | Vulnerability Name |
---|---|
M1. Improper Platform Usage |
|
M2. Insecure Data Storage |
|
M3. Insecure Communication |
|
M4. Insecure Authentication |
|
M5. Insufficient Cryptography |
|
M6. Insecure Authorization |
|
M7 Client Code Quality |
|
M8. Code Tampering |
|
M9. Reverse Engineering |
|
M10. Extraneous Functionality |
|
Required Library
- flask
- flask_sqlalchemy
- flask_script
- flask_migrate
Easy installation through
pip3 install -r requirements.txt
Starting backend (The database will also be remigrated)
./StartServer
- Boonpoj Thongakaraniroj
- Parameth Eimsongsak
- Prathan Phongthiproek
- Krit Saengkyongam
This project is using the MIT License.
Copyright (c) 2018 WaTF-Team