OWASP Sectudo
Sectudo is a mobile app that aims to provide simplified mobile application security learning.
Sectudo demonstrates the security flaws that mobile apps and their server-side web APIs are prone to. These flaws can be seen and practiced in the insecure instance of a demo application included in the app.
Details of the flaws, along with step-by-step guides to enumerating them, are provided as videos.
Along with security flaws, Sectudo also aims to provide an understanding of security controls. A separate secure instance of the demo application is included, with the necessary security measures in place. The security implementation can be studied by navigating through its different features.
What is inside Sectudo?
Insecure version:
Demo KYC Portal – A demo application with features like Add/View KYC, View Accounts, etc. These features have different security flaws embedded in them.
Secure version:
Demo KYC Portal – A secure version of the same demo application with similar features like Add/View KYC, View Accounts, etc., showcasing the security controls implemented in them.
A Learning Guide:
Mobile Application Security – The learning guide is ideal for beginners who want to learn about the important application security topics related to mobile apps. It focuses on highlighting the root cause of the flaws and their impact.
Credentials to Access the Demo Versions
| Insecure Demo Instance | Secure Demo Instance |
|---|---|
| Set 1: Username: skyrider1; Password: myworld123 | Set 1: Username: supcop1; Password: secureworld123 |
| Set 2: Username: skyrider2; Password: myworld456 | Set 2: Username: supcop2; Password: secureworld456 |