
Android Damn Vulnerable App by Security Compass

Tutorial of Android Damn Vulnerable App by Security Compass

Introduction:

Hi folks, today I am going to show you a hands-on tutorial of Android app testing which I did during my R&D on Android app security testing. Here I will show you everything from scratch, from setting up the lab server to testing the application.

In this series you will learn about the following topics:
1) Insecure Connection (Traffic over HTTP)
2) Server Side Authorization Issue
3) Insecure File Storage
4) Insecure Logging
5) Encryption of data on device
6) Memory Protection

Setting up the lab (App & Server)

First of all, download the base app (the deliberately vulnerable one) from here.
After downloading and extracting the zip, build it into an .apk using the Eclipse IDE.

Next, install the app in the emulator. Before that, make sure you have installed the Android SDK and its packages.

To install the app, first start the emulator, either from the AVD Manager by clicking "Start" or from the command line:
emulator.exe -avd [emulator name]

Install the app on the emulator using the command below. adb.exe is found in the SDK/platform-tools folder:

adb.exe install [apk file]
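As an added example (not part of the original post), here is a POSIX shell script that automates the steps above: start the AVD, wait until Android reports that the emulator has finished booting, install the apk with adb, and confirm the package is actually present on the device. It assumes the SDK's emulator and adb binaries are on PATH (the .exe suffix is dropped on Linux/macOS); the AVD name, apk path and package name are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example (not from the original post): automate the emulator + adb install steps.
# Assumptions: `emulator` and `adb` from the Android SDK are on PATH; the AVD name,
# apk path and package name below are placeholders to be replaced with your own values.
AVD_NAME="${AVD_NAME:-LabAVD}"                      # placeholder AVD name
APK_PATH="${APK_PATH:-AndroidLabs.apk}"             # placeholder path to the built apk
PKG_NAME="${PKG_NAME:-PLACEHOLDER.package.name}"    # placeholder package name of the lab app

# sys.boot_completed prints "1" (possibly followed by \r) once the emulator has fully booted.
is_booted_output() {
  [ "$(printf '%s' "$1" | tr -d '\r\n ')" = "1" ]
}

# Succeeds if the `pm list packages` output ($1) contains a line exactly "package:<name>" ($2).
package_in_list() {
  printf '%s\n' "$1" | tr -d '\r' | grep -qxF "package:$2"
}

# Poll the emulator until Android reports boot completion (120 tries x 5 s = 10 minutes).
wait_for_boot() {
  adb wait-for-device
  tries=0
  until is_booted_output "$(adb shell getprop sys.boot_completed 2>/dev/null)"; do
    tries=$((tries + 1))
    if [ "$tries" -ge 120 ]; then
      echo "emulator did not finish booting in time" >&2
      return 1
    fi
    sleep 5
  done
}

# Start the AVD in the background, install the apk (-r replaces an existing install)
# and verify the package really landed on the device instead of trusting adb's exit code alone.
setup_lab_app() {
  emulator -avd "$AVD_NAME" >/dev/null 2>&1 &
  wait_for_boot || return 1
  adb install -r "$APK_PATH" || return 1
  package_in_list "$(adb shell pm list packages)" "$PKG_NAME"
}

# Only run the live setup when explicitly requested, so the file can also be sourced for its helpers.
if [ "${RUN_LAB_SETUP:-0}" = "1" ]; then
  setup_lab_app && echo "lab app installed on $AVD_NAME"
fi
```

Run it with `RUN_LAB_SETUP=1 AVD_NAME=<your avd> APK_PATH=<path to apk> PKG_NAME=<package> sh setup_lab.sh` once the apk has been built.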

Server setup

This vulnerable app has a client & server architecture, so to practice you have to set up the server as well.

You have 3 options to run the server:

1) Mobisec:

Mobisec is a Linux distro for mobile application testing; you will find the lab server included in it.


2) Android Tamer:

Like Mobisec, it is also a Linux distro for mobile app testing, and it also ships the server.

3) Manual setup:

For manual setup, download the server from https://github.com/securitycompass/LabServer. After that we need some dependencies like
After installing the dependencies we can start the server.


Now our app is working and we can go for testing.

In my next post we will test this app for insecure connection.

Labs

Lab 1 Insecure Connection
Lab 2 Server Side Authorization Issue
Lab 3 Insecure File Storage
Lab 4 Secure Logging
Lab 5 Basic Encryption
Lab 6 Advanced Encryption
