AI Summary: Damn Vulnerable Bank is an intentionally vulnerable Android application designed to educate users on security flaws in banking apps. Its primary use case is for security professionals and developers to explore various vulnerabilities, such as root detection and insecure storage, by interacting with features like user registration, fund transfers, and transaction history. Notable features include fingerprint and PIN verification for transactions, as well as a gamified approach to discovering hidden vulnerabilities within the app.

README

Damn Vulnerable Bank

Guide: https://rewanthtammana.com/damn-vulnerable-bank/

About application

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. All the details are documented in the guide, here.

Upcoming Sessions

NoNameCon

• https://cfp.nonamecon.org/nnc2021/talk/WCKLTN/

Black Hat Europe

• TBD

Features

• Sign up
• Login
• My profile interface
• Change password
• Settings interface to update backend URL
• Add fingerprint check before transferring/viewing funds
• Add pin check before transferring/viewing funds
• View balance
• Transfer money
  • Via manual entry
  • Via QR scan
• Add beneficiary
• Delete beneficiary
• View beneficiary
• View transactions history
• Download transactions history

List of vulnerabilities in the application

To keep things crisp and interesting, we hidden this section. Do not toggle this button if you want a fun and challenging experience. Try to explore the application, find all the possible vulnerabilities and then cross check your findings with this list.

Backend to-do

• Add profile and change-password routes
• Create different secrets for admin and other users
• Add dynamic generation of secrets to verify JWT tokens
• Introduce bug in jwt verification
• Find a way to store database and mount it while using docker
• Dockerize environment

Core Team

Damn Vulnerable Bank was created by

Read more, here.

Contributors