Greetings SC-L, For all of you who are interested in mobile app sec (or interested in learning more about it), we released OWASP iGoat version 2.0 today. See the details in our announcement below.
Cheers, Ken van Wyk Begin forwarded message: > From: "Kenneth R. van Wyk" <k...@krvw.com> > Subject: [Owasp-igoat-project] OWASP iGoat version 2.0 RELEASED!!! > Date: February 26, 2013 2:48:48 PM EST > To: "owasp-igoat-proj...@lists.owasp.org" > <owasp-igoat-proj...@lists.owasp.org> > > OWASP iGoat Project: > > Thanks to iGoat lead developer, Sean Eidemiller, it gives me great pleasure > to announce the immediate release of OWASP iGoat version 2.0! See the project > web site at: > > https://www.owasp.org/index.php/OWASP_iGoat_Project > > for more information, or go directly to the source repository to download at: > > http://code.google.com/p/owasp-igoat/ > > > The OWASP iGoat tool is a stand-alone iOS app (distributed solely in source > code) designed to introduce iOS developers to many of the security pitfalls > that plague poorly-written apps. Like its namesake, OWASP's WebGoat tool, > iGoat is intended to teach software developers about these issues by stepping > them through a series of exercises, each of which focuses on a single aspect > of iOS security. > > OWASP iGoat is an ideal tool to use in a classroom setting to teach iOS > developers (and technically minded IT Security staff with at least some > exposure to object oriented programming). > > Exercises include many typical problem issues (and their solutions) including: > - Securing sensitive data in transit > - Securing sensitive data at rest > - Securely connecting to back-end authentication services > - Side channel data leakage (e.g., system screen shots, cut-and-paste, and > keystroke logging via the autocorrection feature) > - Making use of the system keychain to store small amounts of consumer-grade > sensitive data > > > New to version 2.0: > > - iGoat is now a true Universal app, so it builds and runs on iPhones, iPod > Touches, as well as iPads. Full screen views are supported on all of these > devices. (It also runs on the iPhone simulator included with XCode, of course > -- which is ideal for a classroom environment.) > > - A few "behind the scenes" improvements were made to the iGoat platform > itself, making it easier to work with and develop new exercises. These > include: > o Storyboards for main screen navigation. > o ARC support for object memory management. > > - General code clean-ups. > > > Requirements: > > To build and run iGoat, you'll need a Mac running OS X (real or virtual > machine), with XCode installed. iGoat was built for Mountain Lion, but should > run fine on any OS X newer than Snow Leopard. We recommend the latest XCode > and built iGoat using XCode version 4.6. Similarly, iGoat was built on iOS > 6.1, but should be backwards compatible with at least version 5.x. > > > We invite the OWASP community to download and try iGoat, and we welcome your > suggestions for improvements. We're always looking for willing participants > to contribute to the project as well! > > Cheers, > > Ken van Wyk > OWASP iGoat Project Leader > > > > _______________________________________________ > Owasp-igoat-project mailing list > owasp-igoat-proj...@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-igoat-project
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
