2015-05-13 09:43:05 +00:00
|
|
|
# DVHMA
|
2015-05-13 10:36:07 +00:00
|
|
|
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for
|
|
|
|
|
Android) that *intentionally* contains vulnerabilities. Its purpose is
|
|
|
|
|
to enable security professionals to test their tools and techniques
|
|
|
|
|
legally, help developers better understand the common pitfalls in
|
|
|
|
|
developing hybrid mobile apps securely.
|
|
|
|
|
|
|
|
|
|
## Motivation and Scope
|
|
|
|
|
This app is developed to study pitfalls in developing hybrid apps,
|
|
|
|
|
e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the
|
|
|
|
|
main focus is to develop a deeper understanding of injection
|
|
|
|
|
vulnerabilities that exploit the JavaScript to Java bridge.
|
|
|
|
|
|
|
|
|
|
## Team Members
|
2015-05-13 10:42:51 +00:00
|
|
|
This application is developed as part of the project ZertApps
|
|
|
|
|
(Certified Security for Mobile Applications). ZertApps
|
|
|
|
|
(http://www.zertapps.de) is a collaborative research project funded by
|
|
|
|
|
the German Ministry for Research and Education. The core developers of
|
|
|
|
|
DVHMA are:
|
2015-05-13 10:36:07 +00:00
|
|
|
* Achim D. Brucker <achim.brucker@sap.com>
|
|
|
|
|
* Michael Herzberg <michael.herzberg@sap.com>
|
|
|
|
|
|
|
|
|
|
## License
|
|
|
|
|
This project is under the Apache 2.0 License.
|
