From: https://github.com/vlakhani28/DVMA
Damn Vulnerable macOS Application (DVMA) is a macOS application built with intentional security vulnerabilities. Its primary goal is to give macOS enthusiasts, developers, and security researchers a safe, controlled environment in which to learn, practice, and understand macOS application security.
DVMA is an educational tool that offers hands-on experience in identifying and exploiting various vulnerabilities. It is ideal for those looking to sharpen their skills in areas such as reverse engineering, malware analysis, and penetration testing, all within the unique ecosystem of macOS.
Vulnerabilities Included:
- Excessive Permissions Granted
- Minimum OS Version Low
- Hardcoded API Keys
- Insecure SIP Detection
- Sensitive Information Stored in Memory
- Insecure Data Leakage in Logs
- Insecure Data Storage in Keychain
- Insecure Firebase Database
- Insecure Local Data Storage in plist Files
- Insecure WebView Attacks
- SQL Injection Attack
- Command Injection Attack
- Insecure SSL Pinning
- Insecure TouchID Implementation
- Network Layer Security