What-a-Terrible-Failure Mobile Banking Application (WaTF-Bank) is designed to simulate a “real-world” web services-enabled mobile banking application that contains over 30 vulnerabilities. It is written in Java, Swift 4 and Objective-C, with a Python (Flask framework) backend server.
The objectives of this project:
- Application developers, programmers and architects can understand and consider how to create secure software by investigating the vulnerable app (WaTF-Bank) on both Android and iOS platforms.
- Penetration testers can practice their security assessment skills in order to identify and understand the implications of the vulnerable app.
List of Vulnerabilities
|OWASP Mobile Top 10 2016||Vulnerability Name|
|M1. Improper Platform Usage|
|M2. Insecure Data Storage|
|M3. Insecure Communication|
|M4. Insecure Authentication|
|M5. Insufficient Cryptography|
|M6. Insecure Authorization|
|M7. Client Code Quality|
|M8. Code Tampering|
|M9. Reverse Engineering|
|M10. Extraneous Functionality|

```
git clone https://github.com/WaTF-Team/WaTF-Bank.git
pip3 install -r requirements.txt
```

Copyright (c) 2018 WaTF-Team