Challenges
  • Introduction
  • InsecureShop Challenges
    • Hardcoded Credentials
    • Insufficient URL Validation
    • Weak Host Validation
    • Arbitrary Code Execution
    • Intent Redirection (Access to Protected Components)
    • Unprotected Data URIs
    • Theft of Arbitrary files from LocalStorage
    • Using Components with Known Vulnerabilities
    • Insecure Broadcast Receiver
    • AWS Cognito Misconfiguration
    • Insecure use of FilePaths in FileProvider
    • Use of Implicit intent to send a broadcast with sensitive data
    • Intercepting Implicit intent to load arbitrary URL
    • Insecure Implementation of SetResult in exported Activity
    • Insecure Content Provider
    • Lack of SSL Certificate Validation
    • Insecure Webview Properties Enabled
    • Insecure Data Storage
    • Insecure Logging
Powered by GitBook
On this page

Was this helpful?

Introduction

NextHardcoded Credentials

Last updated 3 years ago

Was this helpful?

InsecureShop is an Android application that is designed to be intentionally vulnerable. The aim of creating this app is to teach developers and security professionals about the vulnerabilities that are present in modern Android applications. This also serves as a platform to test your Android pentesting skills.

This space is only intended to point out the vulnerabilities implemented in the InsecureShop app and the vulnerable code used. This space won't provide you with complete solutions for all the vulnerabilities that are implemented in the InsecureShop app.

The InsecureShop project was released as part of the SourceZeroCon 2021.

You can view the slides here: