The University of Sheffield
School of Computer Science

Joshua Vigar Undergraduate Dissertation 2017/18

Creating an Intentionally Vulnerable Android Application for Teaching

Supervised by A. Brucker

Abstract

Mobile applications are quickly becoming the primary way businesses interact with consumers, and hybrid applications are a convenient and cost-effective way to produce a consistent experience across all platforms. However, hybrid application development brings with it a whole host of security concerns which are difficult to understand fully through theory alone.

I aim to showcase and extend the Damn Vulnerable Hybrid Mobile Application on Android in order to show developers how these vulnerabilities can be exploited and secured.

The final version of the application has two testable vulnerabilities, Cross-Site Scripting and Sensitive Data Exposure, and a third possible attack vector, SQL injection, that I personally was unable to exploit. Even with these limitations, I still believe that the app in its current state is a useful resource for novice developers to use for security education and application development.