Ostorlab Insecure Application


Context

Vulnerable mobile applications are a good starting point to learn about mobile security. While they can to some extent be used to test and compare security scanners, they are either not maintained nor exhaustive:

Application Last Updated
Android-InsecureBankv2 Last year
DVIA 2 years ago
DVHMA 2 years ago
Digitalbank 4 years ago
DIVA Android 4 years ago
Appknow Vulnerable Application 4 years ago

Ostorlab is releasing as open-source a set of Vulnerable Mobile application (Native, Hybrid, Android, iOS ...) to test for the detection of vulnerable patterns, the absence of false positives, unreachable code for instance, and help set a standard for how Mobile Security Scanners compare.

Ostorlab will continue to enrich the set of vulnerabilities covered, community contributions will help further the effort by covering more vulnerabilities and patterns.

The current version contains the following vulnerabilities: