
DVHMA Damn Vulnerable Hybrid Mobile App
DVHMA: A Hybrid Mobile Application with Intentional Vulnerabilities
DVHMA is a hybrid mobile app designed for Android that intentionally includes vulnerabilities.
The Purpose of This Application
The purpose of this application is to allow security professionals to legally test their tools and techniques. It also aims to assist developers in understanding the common pitfalls associated with developing hybrid mobile apps securely.
Motivation and Scope: This application has been developed to investigate the challenges faced when creating hybrid apps, such as those using Apache Cordova or SAP Kapsel, in a secure manner. Currently, the primary focus is on gaining a deeper understanding of injection vulnerabilities that take advantage of the JavaScript to Java bridge.
Installation Prerequisites
We assume that you have the Android SDK (https://developer.android.com/sdk/index.html) and Apache Cordova (https://cordova.apache.org/) installed, specifically version 8.0.0, although later versions may also work. Additionally, we expect you to have a basic understanding of the Apache Cordova build system.
Building DVHMA: To set the environment variables, use the following commands:
export ANDROID_HOME=
export PATH=$ANDROID_HOME/tools:$PATH
export PATH=$ANDROID_HOME/platform-tools:$PATH
Compiling DVHMA: Navigate to the DVHMA-Featherweight directory and add the necessary plugins by executing these commands:
cd DVHMA-Featherweight
cordova plugin add ../plugins/DVHMA-Storage
cordova plugin add ../plugins/DVHMA-WebIntent