Home page logo

securecoding logo Secure Coding mailing list archives

Fwd: [Owasp-igoat-project] OWASP iGoat version 2.0 RELEASED!!!
From: "Kenneth R. van Wyk" <ken () krvw com>
Date: Tue, 26 Feb 2013 14:56:29 -0500

Greetings SC-L,

For all of you who are interested in mobile app sec (or interested in learning more about it), we released OWASP iGoat 
version 2.0 today. See the details in our announcement below.


Ken van Wyk

Begin forwarded message:

From: "Kenneth R. van Wyk" <ken () krvw com>
Subject: [Owasp-igoat-project] OWASP iGoat version 2.0 RELEASED!!!
Date: February 26, 2013 2:48:48 PM EST
To: "owasp-igoat-project () lists owasp org" <owasp-igoat-project () lists owasp org>

OWASP iGoat Project:

Thanks to iGoat lead developer, Sean Eidemiller, it gives me great pleasure to announce the immediate release of 
OWASP iGoat version 2.0! See the project web site at: 


for more information, or go directly to the source repository to download at:


The OWASP iGoat tool is a stand-alone iOS app (distributed solely in source code) designed to introduce iOS 
developers to many of the security pitfalls that plague poorly-written apps. Like its namesake, OWASP's WebGoat tool, 
iGoat is intended to teach software developers about these issues by stepping them through a series of exercises, 
each of which focuses on a single aspect of iOS security.

OWASP iGoat is an ideal tool to use in a classroom setting to teach iOS developers (and technically minded IT 
Security staff with at least some exposure to object oriented programming).

Exercises include many typical problem issues (and their solutions) including:
- Securing sensitive data in transit
- Securing sensitive data at rest
- Securely connecting to back-end authentication services
- Side channel data leakage (e.g., system screen shots, cut-and-paste, and keystroke logging via the autocorrection 
- Making use of the system keychain to store small amounts of consumer-grade sensitive data

New to version 2.0:

- iGoat is now a true Universal app, so it builds and runs on iPhones, iPod Touches, as well as iPads. Full screen 
views are supported on all of these devices. (It also runs on the iPhone simulator included with XCode, of course -- 
which is ideal for a classroom environment.)

- A few "behind the scenes" improvements were made to the iGoat platform itself, making it easier to work with and 
develop new exercises. These include:
  o Storyboards for main screen navigation.
  o ARC support for object memory management.

- General code clean-ups.


To build and run iGoat, you'll need a Mac running OS X (real or virtual machine), with XCode installed. iGoat was 
built for Mountain Lion, but should run fine on any OS X newer than Snow Leopard. We recommend the latest XCode and 
built iGoat using XCode version 4.6. Similarly, iGoat was built on iOS 6.1, but should be backwards compatible with 
at least version 5.x. 

We invite the OWASP community to download and try iGoat, and we welcome your suggestions for improvements. We're 
always looking for willing participants to contribute to the project as well!


Ken van Wyk
OWASP iGoat Project Leader

Owasp-igoat-project mailing list
Owasp-igoat-project () lists owasp org

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates

  By Date           By Thread  

Current thread:
  • Fwd: [Owasp-igoat-project] OWASP iGoat version 2.0 RELEASED!!! Kenneth R. van Wyk (Feb 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]