- Brief introduction to the problem.
- Verify the problem by exploiting it.
- Brief description of available remediations to the problem.
- Fix the problem by correcting and rebuilding the iGoat program.
- Updated SQLCipher to latest version
- Removed project specific compilation warnings
- Removed crashing code for server side exercises.
- Updated project details in project github page.
- Added multiple exercises including:
- Broken Cryptography
- Insecure Storage in Plist
- Insecure Storage in NSUserDefaults
- Side Channel Data Leaks via Device Logs
- Cross Site Scripting
Call for contributors:
How to contribute?
- You can add new exercises (Oauth Attacks, Crypto Attacks, Third Party Library Issues etc)
- Testing iGoat on iPhone, iPad and checking if any issues
- Remove compilation warnings
- Suggest us new attacks
- Writing blogs / article about iGoat
- Spreading iGoat :)
Please provide feedback to Swaroop Yermalker or use the contact us form.