WaTF Bank v1.0 released: Terrible Failure Mobile Banking Application for Android and iOS
WaTF-Bank
What-a-Terrible-Failure Mobile Banking Application (WaTF-Bank) is designed to simulate a “real-world” web services-enabled mobile banking application that contains over 30 vulnerabilities. It is written in Java, Swift 4, and Objective-C, with Python (Flask framework) as a backend server.
The objectives of this project:
- Application developers, programmers, and architects can understand and consider how to create secure software by investigating the vulnerable app (WaTF-Bank) on both Android and iOS platforms.
- Penetration testers can practice security assessment skills in order to identify and understand the implications of the vulnerable app.
List of Vulnerabilities
OWASP Mobile Top 10 2016 | Vulnerability Name |
---|---|
M1. Improper Platform Usage | |
M2. Insecure Data Storage | |
M3. Insecure Communication | |
M4. Insecure Authentication | |
M5. Insufficient Cryptography | |
M6. Insecure Authorization | |
M7. Client Code Quality | |
M8. Code Tampering | |
M9. Reverse Engineering | |
M10. Extraneous Functionality | |
Changelog v1.0
- Fix bug in the transfer function
Install
git clone https://github.com/WaTF-Team/WaTF-Bank.git
pip3 install -r requirements.txt
Use
./StartServer
Copyright (c) 2018 WaTF-Team
Source: https://github.com/WaTF-Team/