Android Application Security Part 6 - Let the Fun Begin

In the upcoming posts I will explain the OWASP Top 10 Mobile Risks 2014, as published on OWASP.org, while attacking a vulnerable Android application.

I will be using the FourGoats app from the OWASP GoatDroid Project, a deliberately vulnerable location-based social network app, and also the HerdFinancial app from the same project, a simple banking app. The OWASP GoatDroid Project is an excellent resource for anyone who wants to learn about Android application security.

A Getting Started guide for the GoatDroid Project is already available on its project page. If you are using Appie, though, you don't need to follow the instructions on that page: I have already installed the GoatDroid server files in Appie.

  • To start the server, type goatdroid in Appie.

  • Click "Start Web Service" in the FourGoats tab. This starts the server.

If you look at the FourGoats server control panel, the bottom section lists the security flaws that are present in the FourGoats application:

  • Client-Side Injection
  • Server-Side Authorization Issues
  • Side Channel Information Leakage
  • Insecure Data Storage
  • Privacy Concerns
  • Insufficient Transport Layer Protection
  • Insecure IPC

We also have to set up the FourGoats application.

  • In one of the previous posts I showed how to install the FourGoats application on the emulated device. If you are not familiar with that, please follow the link.

  • Now determine the IP address of your host machine.

Mine is 192.168.1.5.

  • Open the FourGoats application in the emulator.

  • Tap on Destination Info, enter the IP address and the port number 9888, and leave the other fields blank.

Now you can log in and interact with the app.

Username: goatdroid

Password: goatdroid