AppSec USA 2017 has ended
Thursday, September 21 • 2:30pm - 3:15pm
iGoat – A Self Learning Tool for iOS App Pentesting and Security

OWASP iGoat is an open source self-learning tool for iOS developers and mobile app pentesters. The best thing about iGoat is that it follows a client-server architecture and supports all iDevices, including iPad, iPhone, iPod and the MacBook simulator, for iOS 8/9/10. It was inspired by the WebGoat project and has a similar conceptual flow.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

1. Brief introduction to the problem.
2. Verify the problem by exploiting it.
3. Brief description of available remediations to the problem.
4. Fix the problem by correcting and rebuilding the iGoat program.

This talk is all about how iOS developers and security analysts can dive deep into iOS app security using the iGoat tool. The talk will go from setting up iGoat to exploiting the latest exploits in iOS apps. I’ll also release a new version of iGoat with tons of new exercises at AppSec USA 2017.


Swaroop Yermalkar

Lead Security Engineer
Swaroop Yermalkar works as a lead security engineer with a diverse skill set focused on mobile app pentesting and web, API and AWS pentesting. In addition, he has authored the book “Learning iOS Pentesting” and leads an open source project, OWASP iGoat, which is developed for iOS security...

Thursday September 21, 2017 2:30pm - 3:15pm EDT
Coronado L