OWASP iGoat Project for iOS Developers


Jul 16th


Security professionals who focus on web application security will have heard of WebGoat. It is a project by OWASP (Open Web Application Security Project) designed to teach web application security to web developers. Inspired by this project, OWASP has released a similar learning tool, called iGoat, for developers working on iOS (used in the iPhone and iPad).

The iGoat project aims to be a safe learning environment for developers, where users can learn about the major security pitfalls as well as how to avoid them. Similar to WebGoat, users are presented with a series of lessons covering numerous vulnerabilities in iOS apps. They need to exploit each vulnerability to validate its existence, and then implement a remediation in the lesson’s source code.

The lessons are laid out in the following steps:

1. Brief introduction to the problem
2. Verify the problem by exploiting it
3. Brief description of available remediations to the problem
4. Fix the problem by correcting and rebuilding the lesson’s source code

iGoat can be downloaded from http://code.google.com/p/owasp-igoat/

© 2006-2019 Security magazine.