Since we covered most of the tools we require in Chapter 4, Loading up – Mobile Pentesting Tools, let's jump directly into setting up the target apps. We will use the two vulnerable apps that we learned about in Chapter 1, The Mobile Application Security Landscape, in the Vulnerable applications to practice section, and set them as our targets to demonstrate the OWASP Mobile Top 10 vulnerabilities. The two apps are as follows:
DVIA (short for Damn Vulnerable iOS App) can be directly downloaded from http://damnvulnerableiosapp.com/?paiddownloads_id=11
The IPA file for the OWASP iGoat app can be downloaded from https://github.com/vijayvkvelu/iGoat-IPA-Git/blob/master/iGoat.ipa?raw=true
We will be using a MacBook for some activities that require Xcode, Hopper (available for Linux too), and LLDB, which can be run only on OS X. For the assessment, we will create the folder /Users/User/Desktop/iOSTarget/ in OS X.
As we have done the majority of the...