After releasing the first Top Ten Mobile Risks, the OWASP Mobile
Security Project team is currently working to refresh the Top 10 for 2013. You
will find a page for the Mobile Security Project on the OWASP site [Link] containing lots
of information. You will also find several tools and mobile test environments on
that page, which help penetration testers and developers learn about mobile
security vulnerabilities on different platforms such as iOS and Android.
iGoat
iGoat is a learning tool for iOS developers (iPhone, iPad,
etc.). It was inspired by the WebGoat project, and has a similar conceptual
flow to it. It is a safe environment where iOS developers can learn about
security weaknesses in iOS -- by breaking things as well as fixing them. It is
made up of a series of lessons that each teach a single (but vital) security
lesson. iGoat is free software, released under the GPLv3 license.
MobiSec
MobiSec is a live environment for testing mobile
environments, including devices, applications, and supporting infrastructure.
The purpose is to give attackers and defenders the ability to test their
mobile environments to identify design weaknesses and vulnerabilities. The
MobiSec Live Environment provides a single environment for testers to leverage
the best of the available open source mobile testing tools, as well as the
ability to install additional tools and platforms that aid the penetration
tester through the testing process, since the environment is structured and
organized around an industry-proven testing framework. Using a live
environment gives penetration testers the ability to boot the MobiSec Live
Environment on any Intel-based system from a DVD or USB flash drive, or to run
the test environment within a virtual machine.
iMAS
iMAS is a collaborative research project from the MITRE
Corporation focused on open source iOS security controls. Today, iOS meets the
enterprise security needs of customers; however, many security experts cite
critical vulnerabilities and have demonstrated exploits, which pushes
enterprises to augment iOS deployments with commercial solutions. The iMAS
intent is to protect iOS applications and data beyond the Apple provided
security model and reduce the adversary’s ability and efficiency to perform
recon, exploitation, control and execution on iOS mobile applications. iMAS
will transform the effectiveness of the existing iOS security model across
major vulnerability areas including the System Passcode, jailbreak, debugger /
run-time, flash storage, and the system keychain. Research outcomes include an
open source secure application framework, including an application container,
developer and validation tools/techniques.
GoatDroid
OWASP GoatDroid is a fully functional and self-contained
training environment for educating developers and testers on Android security.
GoatDroid requires minimal dependencies and is ideal for both Android beginners
as well as more advanced users. The project currently includes two
applications: FourGoats, a location-based social network, and Herd Financial, a
mobile banking application. There are also several features that greatly
simplify usage within a training environment or for absolute beginners who want
a good introduction to working with the Android platform.
As the Android SDK introduces new features, the GoatDroid
contributors will strive to implement up-to-date lessons that can educate
developers and security testers on new security issues. The project currently
provides coverage for most of the OWASP Top 10 Mobile Risks and also includes a
number of other issues as well.