
Meet the DIVA - by: Sandeep & Ankit

This presentation is all about the Damn Insecure & Vulnerable App.


  1. DIVA (Damn insecure and vulnerable App)
     ◦ An Android app intentionally designed to be insecure
     ◦ The vulnerabilities exist from a developer's perspective
     ◦ Source: https://github.com/payatu/diva-android
     ◦ Created by Aseem Jakhar
  2. Current challenges include:
     ◦ Insecure Logging
     ◦ Hardcoding Issues – Part 1
     ◦ Insecure Data Storage – Part 1
     ◦ Insecure Data Storage – Part 2
     ◦ Insecure Data Storage – Part 3
     ◦ Insecure Data Storage – Part 4
     ◦ Input Validation Issues – Part 1
     ◦ Input Validation Issues – Part 2
     ◦ Access Control Issues – Part 1
     ◦ Access Control Issues – Part 2
     ◦ Access Control Issues – Part 3
     ◦ Hardcoding Issues – Part 2
     ◦ Input Validation Issues – Part 3
  3. For the walkthrough of the challenges we need the following tools:
     ◦ Genymotion or Android Studio AVD
     ◦ Dex2jar or jadx
     ◦ JD-GUI
     ◦ APKTOOL
  4. jadx -d out_folder diva.apk
     adb devices
     adb logcat
     adb shell
     cd, ls, ls -a, cat
     sqlite3 database_name
     select * from table_name;
