Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/logicalhacking/DVHMA
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
https://github.com/logicalhacking/DVHMA
android cordova vulnerability vulnerable-application
Last synced: about 1 month ago
JSON representation
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
- Host: GitHub
- URL: https://github.com/logicalhacking/DVHMA
- Owner: logicalhacking
- License: apache-2.0
- Created: 2015-05-13T09:43:05.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2018-08-22T08:55:09.000Z (over 6 years ago)
- Last Synced: 2024-10-15T00:40:19.471Z (about 2 months ago)
- Topics: android, cordova, vulnerability, vulnerable-application
- Language: JavaScript
- Homepage:
- Size: 11.7 MB
- Stars: 257
- Watchers: 14
- Forks: 66
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Citation: CITATION
Awesome Lists containing this project
- awesome-cyber-skills - Damn Vulnerable Hybrid Mobile App
- awesome-hacking-lists - logicalhacking/DVHMA - Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. (JavaScript)
README
# DVHMA
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for
Android) that *intentionally* contains vulnerabilities. Its purpose is
to enable security professionals to test their tools and techniques
legally, help developers better understand the common pitfalls in
developing hybrid mobile apps securely.
## Motivation and Scope
This app is developed to study pitfalls in developing hybrid apps,
e.g., using [Apache Cordova](https://cordova.apache.org/) or
[SAP Kapsel](https://blogs.sap.com/2013/10/21/an-introduction-to-smp-kapsel/),
securely. Currently, the main focus is to develop a deeper
understanding of injection vulnerabilities that exploit the JavaScript
to Java bridge.
## Installation
### Prerequisites
We assume that the
* Android SDK (https://developer.android.com/sdk/index.html) and
* Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later
versions might work)
Moreover, we assume a basic familiarity with the build system of
Apache Cordova.
### Building DVHMA
#### Setting Environment Variables
export ANDROID_HOME=
export PATH=$ANDROID_HOME/tools:$PATH
export PATH=$ANDROID_HOME/platform-tools:$PATH
#### Compiling DVHMA
cd DVHMA-Featherweight
cordova plugin add ../plugins/DVHMA-Storage
cordova plugin add ../plugins/DVHMA-WebIntent
cordova platform add android
cordova compile android
#### Running DVHMA in an Emulator
cordova run android
## Team Members
The development of this application started as part of the project
[ZertApps](http://www.zertapps.de). ZertApps was a collaborative
research project funded by the German Ministry for Research and
Education. It is now developed and maintained by the [Software
Assurance & Security Research Team](https://logicalhacking.com)
at The University of Sheffield, UK.
The core developers of DVHMA are:
* [Achim D. Brucker](http://www.brucker.ch/)
* [Michael Herzberg](http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg)
## License
This project is under the Apache 2.0 License.
SPDX-License-Identifier: Apache-2.0
## Master Repository
The master git repository for this project is hosted by the [Software
Assurance & Security Research Team](https://logicalhacking.com) at
.
## Publications
* Achim D. Brucker and Michael Herzberg. [On the Static Analysis of
Hybrid Mobile Apps: A Report on the State of Apache Cordova
Nation.](https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf)
In International Symposium on Engineering Secure Software
and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
72-88, Springer-Verlag, 2016.
https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016
doi: [10.1007/978-3-319-30806-7_5](http://dx.doi.org/10.1007/978-3-319-30806-7_5)