diff --git a/README.md b/README.md index 5b52400..0f6da64 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # DVHMA + Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that *intentionally* contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques @@ -6,6 +7,7 @@ legally, help developers better understand the common pitfalls in developing hybrid mobile apps securely. ## Motivation and Scope + This app is developed to study pitfalls in developing hybrid apps, e.g., using [Apache Cordova](https://cordova.apache.org/) or [SAP Kapsel](https://blogs.sap.com/2013/10/21/an-introduction-to-smp-kapsel/), @@ -14,8 +16,11 @@ understanding of injection vulnerabilities that exploit the JavaScript to Java bridge. ## Installation + ### Prerequisites + We assume that the + * Android SDK (https://developer.android.com/sdk/index.html) and * Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later versions might work) @@ -24,12 +29,15 @@ Moreover, we assume a basic familiarity with the build system of Apache Cordova. ### Building DVHMA + #### Setting Environment Variables + export ANDROID_HOME= export PATH=$ANDROID_HOME/tools:$PATH export PATH=$ANDROID_HOME/platform-tools:$PATH #### Compiling DVHMA + cd DVHMA-Featherweight cordova plugin add ../plugins/DVHMA-Storage cordova plugin add ../plugins/DVHMA-WebIntent @@ -37,9 +45,11 @@ Apache Cordova. cordova compile android #### Running DVHMA in an Emulator + cordova run android ## Team Members + The development of this application started as part of the project [ZertApps](http://www.zertapps.de). ZertApps was a collaborative research project funded by the German Ministry for Research and 
@@ -52,9 +62,11 @@ The core developers of DVHMA are: * [Michael Herzberg](http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg) ## License + This project is under the Apache 2.0 License. ## Publications + * Achim D. Brucker and Michael Herzberg. [On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation.](https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf)
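Review bot: In the first hunk (@@ -1,4 +1,5 @@), the context line under the new blank line still reads "is an hybrid mobile app". Since this is a README cleanup pass, change it to "a hybrid mobile app" in the same commit rather than leaving it for a follow-up.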
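Review bot: In the Prerequisites hunk (@@ -14,8 +16,11 @@), the blank line added after "We assume that the" turns that fragment into a paragraph of its own, cut off from the bullet list that completes it. Consider rewording the lead-in so it reads as a complete sentence before the list, for example one ending in a colon. The neighbouring "version 8.0.0 (later versions might work)" would also be more useful if it named the versions the build was actually tested with.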
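Review bot: In the Building DVHMA hunk (@@ -24,12 +29,15 @@), the context line `export ANDROID_HOME=` shows no value in this view. If the README really leaves it empty, the two PATH lines that follow expand to `/tools` and `/platform-tools`, which puts root-level directories at the front of the search path. While reformatting this section, give the variable a visible placeholder for the SDK install directory and say that the reader must replace it.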