This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Projects/OWASP Mobile Security Project - Mobile Tools"

From OWASP
Jump to: navigation, search
Line 5: Line 5:
 
[https://www.owasp.org/index.php/OWASP_iMAS_iOS_Mobile_Application_Security_Project iMas Project Page]
 
[https://www.owasp.org/index.php/OWASP_iMAS_iOS_Mobile_Application_Security_Project iMas Project Page]
  
The source code for iMAS is available on GitHub: [https://github.com/project-imas/about Source Code]
+
The source code for iMAS is available on GitHub: [https://github.com/project-imas/about iMAS Source Code]
  
 
== GoatDroid  ==
 
== GoatDroid  ==
Line 13: Line 13:
 
GoatDroid requires minimal dependencies, and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location based social network, and Herd Financial, a mobile banking application.
 
GoatDroid requires minimal dependencies, and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location based social network, and Herd Financial, a mobile banking application.
  
You can find GoatDroid on GitHub: [https://github.com/jackMannino/OWASP-GoatDroid-Project Source Code]
+
You can find GoatDroid on GitHub: [https://github.com/jackMannino/OWASP-GoatDroid-Project GoatDroid Source Code]
  
 
[https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project GoatDroid Project Page]
 
[https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project GoatDroid Project Page]
Line 34: Line 34:
 
iGoat is free software, released under the GPLv3 license.
 
iGoat is free software, released under the GPLv3 license.
  
[https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Dangers_of_Jailbreaking_and_Rooting_Mobile_Devices Dangers of Jailbreaking & Rooting Mobile Devices]
+
[https://www.owasp.org/index.php/OWASP_iGoat_Project iGoat Project Page]
 +
 
 +
The iGoat source code is available on Google Code [http://code.google.com/p/owasp-igoat/ iGoat Source Code]
  
 
== MobiSec ==
 
== MobiSec ==

Revision as of 14:47, 22 May 2013

iMas

iMAS is a collaborative research project from the MITRE Corporation focused on open source iOS security controls. Today, iOS meets the enterprise security needs of customers, however many security experts cite critical vulnerabilities and have demonstrated exploits, which pushes enterprises to augment iOS deployments with commercial solutions. The iMAS intent is to protect iOS applications and data beyond the Apple provided security model and reduce the adversary’s ability and efficiency to perform recon, exploitation, control and execution on iOS mobile applications. iMAS will transform the effectiveness of the existing iOS security model across major vulnerability areas including the System Passcode, jailbreak, debugger / run-time, flash storage, and the system keychain. Research outcomes include an open source secure application framework, including an application container, developer and validation tools/techniques.

iMas Project Page

The source code for iMAS is available on GitHub: iMAS Source Code

GoatDroid

The OWASP GoatDroid Project is a fully functional and self-contained environment for learning about Android security.

GoatDroid requires minimal dependencies, and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location based social network, and Herd Financial, a mobile banking application.

You can find GoatDroid on GitHub: GoatDroid Source Code

GoatDroid Project Page

iGoat

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

  1. Brief introduction to the problem.
  2. Verify the problem by exploiting it.
  3. Brief description of available remediations to the problem.
  4. Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

iGoat Project Page

The iGoat source code is available on Google Code iGoat Source Code

MobiSec