WaTF Bank v1.0 releases: Terrible Failure Mobile Banking Application for Android and iOS
What-a-Terrible-Failure Mobile Banking Application (WaTF-Bank) is written in Java, Swift 4, and Objective-C, with a Python (Flask framework) backend server. It is designed to simulate a “real-world” web services-enabled mobile banking application and contains over 30 vulnerabilities.
The objectives of this project:
- Application developers, programmers, and architects can understand and consider how to create secure software by investigating the vulnerable app (WaTF-Bank) on both Android and iOS platforms.
- Penetration testers can practice security assessment skills in order to identify and understand the implications of the vulnerable app.
List of Vulnerabilities
| OWASP Mobile Top 10 2016 | Vulnerability Name |
|---|---|
| M1. Improper Platform Usage | |
| M2. Insecure Data Storage | |
| M3. Insecure Communication | |
| M4. Insecure Authentication | |
| M5. Insufficient Cryptography | |
| M6. Insecure Authorization | |
| M7. Client Code Quality | |
| M8. Code Tampering | |
| M9. Reverse Engineering | |
| M10. Extraneous Functionality | |
- Fix bug in transfer function
git clone https://github.com/WaTF-Team/WaTF-Bank.git
pip3 install -r requirements.txt
Copyright (c) 2018 WaTF-Team