Meet the DIVA - by: Sandeep & Ankit
1.
2. DIVA (Damn insecure and vulnerable App) is an Android App intentionally designed to be insecure
The vulnerabilities exist from a developer’s perspective
Source: https://github.com/payatu/diva-android
Created by Aseem Jakhar
3. Current Challenges include:
◦ Insecure Logging
◦ Hardcoding Issues – Part 1
◦ Insecure Data Storage – Part 1
◦ Insecure Data Storage – Part 2
◦ Insecure Data Storage – Part 3
◦ Insecure Data Storage – Part 4
◦ Input Validation Issues – Part 1
◦ Input Validation Issues – Part 2
◦ Access Control Issues – Part 1
◦ Access Control Issues – Part 2
◦ Access Control Issues – Part 3
◦ Hardcoding Issues – Part 2
◦ Input Validation Issues – Part 3
4. For the purpose of the walkthrough of the challenges we need the following tools:
◦ Genymotion or Android Studio AVD
◦ Dex2jar or jadx
◦ JD-GUI
◦ APKTOOL