I strongly believe this AndroGoat will help many people to learn Android Application Security Testing.
Happy learning
Vulnerabilities covered in this app:
- Root Detection
- Emulator Detection
- Insecure Data Storage – Shared Prefs - 1
- Insecure Data Storage - Shared Prefs - 2
- Insecure Data Storage - SQLite
- Insecure Data Storage – Temp Files
- Insecure Data Storage – SD Card
- Keyboard Cache
- Insecure Logging
- Input Validations – XSS
- Input Validations – SQLi
- Input Validations – WebView
- Unprotected Android Components – Activity
- Unprotected Android Components –Service
- Unprotected Android Components – Broadcast Receivers
- Unprotected Android Components – Content Providers (Coming Soon)
- Hard coding issues
- Network intercepting – HTTP
- Network intercepting – HTTPS
- Network intercepting – Certificate Pinning
- Misconfigured Network_Security_Config.xml
- Android Debuggable
- Android allowBackup
- Custom URL Scheme
- Broken Cryptography
- QR Code Scanning (Coming Soon)
- Fingerprint Authentication (Coming Soon)
Download apk file from https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk , install and ride AndroGoat..
Feedbank and Ideas are welcome. Please reach me satishkumarpatnayak@live.com
Follow me on Twiiter for update on blogs, changes...etc https://twitter.com/satish_patnayak