Damn Insecure & Vulnerable App (DIVA)

DIVA is an Android app intentionally designed to be insecure. The aim of this app is to teach developers/QA/security professionals, flaws that are generally present in the apps due to poor or insecure coding practices.

What is included in DIVA ?

The app covers common vulnerabilities in Android apps ranging from insecure storage, input validation to access control issues. Few vulnerabilities in native code have also been included, which makes it more interesting from the perspective of covering both Java and C vulnerabilities.

There are 13 challenges within the app with each having a vulnerability.

DIVA1 DIVA2

Where can I get DIVA ?