The video below demonstrates how to test a mobile application for local data storage vulnerabilities. For this demonstration, I used a mobile application called iGoat. iGoat is designed for the iOS platform and functions as a learning tool for iOS developers. iGoat is a safe environment in which iOS developers can gain knowledge about the major security vulnerabilities in mobile applications and how to avoid them. This program is built and maintained by OWASP. This video blog is the first of many in a series on vulnerabilities that I will expose with this application. I also plan on doing a video blog to demonstrate how to install iGoat properly. Keep an eye out for those!
As we saw in the video, it’s never acceptable to store user data in plaintext. Sensitive information like accounts, passwords, and contact lists needs to be properly stored using strong, industry-standard encryption algorithms. I hope you learned how to deal with local data storage vulnerabilities, and I hope you check out the other video blogs in this series, which will be released soon. Happy mobile application security testing!