A short while back we released ExploitMe Mobile (EMM), our free, open source project demonstrating common mobile security vulnerabilities on the iOS and Android platforms. ExploitMe Mobile is a training platform built around common mobile security and application security pitfalls.
The objectives of the ExploitMe Mobile training platform are:
- Capture the common security-related mobile application development pitfalls within a mobile application for the iOS and Android platforms.
- Build in intentionally vulnerable client- and server-side code to illustrate the business-level impact of technical mobile application vulnerabilities.
- Develop a learning platform that can educate developers on secure coding practices.
- Create an openly available platform that encourages community collaboration.
All of the vulnerabilities featured in the ExploitMe Mobile training platform are inspired by the results of mobile application security assessments performed by our consultants across various industry verticals. The iPhone and Android versions of ExploitMe Mobile feature the top 80% of all Medium, High and Critical risk mobile application vulnerabilities in the following broad categories:
- Parameter manipulation
- Protocol encryption
- Password lock screens
- File system access permissions
- Insecure storage of files
- Insecure logging
The entire source of the project can be found on GitHub at: http://github.com/SecurityCompass
Download our Exploit Me Mobile Whitepaper for information about the great labs.
Please give it a try, and we hope that you share it with colleagues as well. The way we see it, there’s no better way to learn about security vulnerabilities than seeing them in action!