This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP iGoat Project

From OWASP
Revision as of 14:47, 10 March 2016 by Ken van Wyk (talk | contribs)

Jump to: navigation, search
OWASP Inactive Banner.jpg

^^^ Rest assured the iGoat project is NOT inactive. We're merely finding it a new home on Github after its home on Google Code went away. Sorry for the inconvenience, but we most assuredly are working on a new release.

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

  1. Brief introduction to the problem.
  2. Verify the problem by exploiting it.
  3. Brief description of available remediations to the problem.
  4. Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

NOTE: Please bear with us as we move this project over to Github. In the meantime, the current version is 2.3, and it can be downloaded here: https://drive.google.com/folderview?id=0B4JD0hBwn1-uZmJXU0pfdEUtdlE&usp=sharing

iGoat has been designed and built to be a foundation on which to build a series of iOS security lessons. The initial iGoat release will include a handful of lessons to work through, but one of the aims of the project is to build a community of developers to help build out additional lessons over time -- much as WebGoat has before it.

Interested contributors are encouraged to contact the project leader (Ken van Wyk, [email protected]) to find out how they can contribute to future releases of iGoat.

The iGoat project was launched in May 2011. Version 2.3 was released on 20 November 2014. Source repository and download site:

http://code.google.com/p/owasp-igoat/

  1. REDIRECT [iGoat Tool Project]

{{Template: Project About

| project_name =OWASP iGoat Project | project_home_page =OWASP iGoat Project | project_description =The iGoat project aims to be a developer learning environment for iOS app developers. It was inspired by the OWASP WebGoat project in particular the developer edition of WebGoat.

Similar to WebGoat (developer), the user is presented with a series of lessons surrounding numerous vulnerabilities associated with iOS apps. The student exploits each vulnerability to validate its existence, and then he implements a remediation in the lesson's source code.

Further, iGoat is designed and implemented modularly, similar conceptually to WebGoat's modular Java EE servlet model. It is intended to provide a foundational framework to build lessons on top of, starting with a core set of lessons provided in the first release.

iGoat can be downloaded here: https://github.com/owasp/igoat

| project_license =GPL v3

| leader_name1 =Swaroop Yermalkar | leader_email1 [email protected] | leader_username1 = | leader_name[2-10] = | leader_email[2-10] = | leader_username[2-10] = | contributor_name1 =Jonathan Carter | contributor_email1 [email protected] | contributor_username1 = | contributor_name[2-10] = | contributor_email[2-10] = | contributor_username[2-10] = | pamphlet_link = | presentation_link = | mailing_list_name =https://lists.owasp.org/mailman/listinfo/owasp-igoat-project | project_road_map =https://www.owasp.org/index.php/OWASP_iGoat_Project/Roadmap | links_url[1-10] = | links_name[1-10] = | release_1 =iGoat v1.1 | release_2 =iGoat v2.0 | release_3 =iGoat v2.1 | release_4 =iGoat v2.3

| project_about_page =Projects/OWASP_iGoat_Project }}