Security professionals who focus on web application security will have heard of WebGoat. It is a project by OWASP (Open Web Application Security Project) designed to teach web application security to web developers. Inspired by this project, OWASP has released a similar learning tool for iOS (used on iPhone and iPad) developers called iGoat.
The iGoat project aims to be a safe learning environment for developers, where users can learn about the major security pitfalls as well as how to avoid them. Similar to WebGoat, users are presented with a series of lessons covering numerous vulnerabilities in iOS apps. They need to exploit each vulnerability to validate its existence, and then implement a remediation in the lesson’s source code.
The lessons are laid out in the following steps:
• Brief introduction to the problem
• Verify the problem by exploiting it
• Brief description of the available remediations for the problem
• Fix the problem by correcting and rebuilding the lesson’s source code
iGoat can be downloaded from http://code.google.com/p/owasp-igoat/