Uploaded byeffecthacking
PPT, PDF681 views

iGoat presentation

iGoat is a learning tool for iOS developers and testers that emulates real security vulnerabilities. It contains a series of lessons that teach about common security issues like insecure data storage, authentication flaws, and injection vulnerabilities. The student exploits each vulnerability, then implements a fix in the code to learn about remediation. iGoat is modeled after the WebGoat project and provides a safe environment for developers to learn about iOS security challenges.

Embed presentation

Download to read offline
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org An Introduction to The OWASP iGoat Project Jason Haddix Jason.haddix@hp.com Education Project
OWASP 2 About iGoat  Project Author: Kenneth R. van Wyk (KRVW Associates)  OWASP Page: https://www.owasp.org/index.php/OWASP_iGoat_Project  iGoat is a learning tool for iOS developers (and testers) emulating real security vulnerabilities in iPhone, iPad, etc, apps. It was inspired by the WebGoat project, and has a similar conceptual flow to it.
OWASP 3 About iGoat  As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.  Similar to WebGoat the user is presented with a series of lessons surrounding numerous vulnerabilities associated with iOS apps. The student exploits each vulnerability to validate its existence, and then he implements a remediation in the lesson's source code.
OWASP 4 Lessons  The lessons follow OWASPs classifications of mobile vulnerabilities:
OWASP 5 Example Lesson: M1 – Insecure Data Storage
OWASP 6 Example Lesson: M1 – Insecure Data Storage
OWASP 7 Other Lessons  Data Protection (Transit)  Authentication
OWASP  Injection Flaws 8 Other Lessons  Data Protection (Rest)
OWASP 9 Demo  Demo Time!
OWASP 10 Wrap Up  iGoat is built in a modular way so that if you have experience developing for iOS you can contribute to the project.  Please use the project to further your own knowledge of application security vulnerabilities on iphone.  For questions feel free to contact:  Jason.haddix@hp.com  ken@krvw.com

More Related Content

PPT
Owasp Serbia overview
byNikola Milosevic
 
PDF
Yaksas CSC - Vulnerability Assessment & Penetration Testing
byUday Mittal
 
PDF
Owasp o
bySagar Nangare
 
PDF
LF_APIStrat17_Practical DevSecOps for APIs
byLF_APIStrat
 
PDF
Owasp top 10-2017
bymalvvv
 
PDF
Owasp top 10 2013
byBee_Ware
 
ODP
OISF - AppSec Presentation
byThreatReel Podcast
 
PDF
[Hungary] Survival is not mandatory. The air force one has departured are you...
byOWASP EEE
 
Owasp Serbia overview
byNikola Milosevic
 
Yaksas CSC - Vulnerability Assessment & Penetration Testing
byUday Mittal
 
Owasp o
bySagar Nangare
 
LF_APIStrat17_Practical DevSecOps for APIs
byLF_APIStrat
 
Owasp top 10-2017
bymalvvv
 
Owasp top 10 2013
byBee_Ware
 
OISF - AppSec Presentation
byThreatReel Podcast
 
[Hungary] Survival is not mandatory. The air force one has departured are you...
byOWASP EEE
 

Recently uploaded

PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PDF
Agentic AI with Google ADK GDG On Campus Netaji Subhash Engineering College
bydscnsecorg
 
PDF
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PDF
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
PDF
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
Agentic AI with Google ADK GDG On Campus Netaji Subhash Engineering College
bydscnsecorg
 
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 

Featured

PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
PDF
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
PDF
Everything You Need To Know About ChatGPT
byExpeed Software
 
PDF
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
PDF
Skeleton Culture Code
bySkeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
PPTX
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
PDF
Getting into the tech field. what next
byTessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
PDF
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
Everything You Need To Know About ChatGPT
byExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
Skeleton Culture Code
bySkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
Getting into the tech field. what next
byTessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 

iGoat presentation

  • 1.
    Copyright 2007 ©The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org An Introduction to The OWASP iGoat Project Jason Haddix Jason.haddix@hp.com Education Project
  • 2.
    OWASP 2 About iGoat Project Author: Kenneth R. van Wyk (KRVW Associates)  OWASP Page: https://www.owasp.org/index.php/OWASP_iGoat_Project  iGoat is a learning tool for iOS developers (and testers) emulating real security vulnerabilities in iPhone, iPad, etc, apps. It was inspired by the WebGoat project, and has a similar conceptual flow to it.
  • 3.
    OWASP 3 About iGoat As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.  Similar to WebGoat the user is presented with a series of lessons surrounding numerous vulnerabilities associated with iOS apps. The student exploits each vulnerability to validate its existence, and then he implements a remediation in the lesson's source code.
  • 4.
    OWASP 4 Lessons  Thelessons follow OWASPs classifications of mobile vulnerabilities:
  • 5.
    OWASP 5 Example Lesson:M1 – Insecure Data Storage
  • 6.
    OWASP 6 Example Lesson:M1 – Insecure Data Storage
  • 7.
    OWASP 7 Other Lessons Data Protection (Transit)  Authentication
  • 8.
    OWASP  Injection Flaws 8 OtherLessons  Data Protection (Rest)
  • 9.
  • 10.
    OWASP 10 Wrap Up iGoat is built in a modular way so that if you have experience developing for iOS you can contribute to the project.  Please use the project to further your own knowledge of application security vulnerabilities on iphone.  For questions feel free to contact:  Jason.haddix@hp.com  ken@krvw.com