Setting up iGoat on MacBook
OWASP iGoat is an open source self-learning tool for iOS developers and iOS mobile security testers. It helps users understand basic security concerns in iOS applications and their remediation. iGoat is feature-rich, works on a client-server model, and supports almost all iDevices, such as iPhone, iPad, iPod and the Mac simulator, for iOS 8/9/10. It covers almost all of the well-known vulnerabilities in mobile applications. iGoat v3 was recently released with some cool new challenges.
Downloading iGoat:
- Download the iGoat project file from https://github.com/OWASP/igoat
Setting up iGoat:
- Extract the “igoat-master.zip” file.
- Download and install "Xcode" from the App Store.
- Open the “iGoat.xcodeproj” file using “Xcode”.
- Select any simulator that supports iOS 8/9/10.
- The iGoat web server needs basic software such as Ruby (2.0 and above), plus a few external gems. These can be installed with the following command:
sudo gem install sinatra json
- To run the iGoat server, simply invoke the igoat-server.rb script from the terminal:
./igoat-server.rb
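A preflight check for the server prerequisites listed above (Ruby 2.0 or later, the sinatra and json gems, an executable igoat-server.rb), as an added example that is not part of the original page or the iGoat project. The function names and the `--check` argument are this example's own, and it assumes it is run from the directory that contains igoat-server.rb.

```shell
#!/bin/sh
# Added example: verify the iGoat server prerequisites before starting it.
# Assumption: the current directory contains igoat-server.rb.

# version_at_least VERSION MAJOR MINOR
# Returns 0 if VERSION >= MAJOR.MINOR, 1 if older, 2 if VERSION is malformed.
version_at_least() {
    case "$1" in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    ver_major=${1%%.*}
    rest=${1#*.}
    ver_minor=${rest%%.*}
    case "$ver_major$ver_minor" in *[!0-9]*) return 2 ;; esac
    [ "$ver_major" -gt "$2" ] && return 0
    [ "$ver_major" -eq "$2" ] && [ "$ver_minor" -ge "$3" ]
}

# gem_loadable GEM [RUBY_CMD]
# Returns 0 if the interpreter that will run the server can load GEM.
# This catches gems installed for a different Ruby than the one in PATH.
gem_loadable() {
    "${2:-ruby}" -e "require '$1'" >/dev/null 2>&1
}

preflight() {
    status=0
    if ! command -v ruby >/dev/null 2>&1; then
        echo "FAIL: ruby not found in PATH"; return 1
    fi
    ruby_ver=$(ruby -e 'print RUBY_VERSION')
    if version_at_least "$ruby_ver" 2 0; then echo "OK:   ruby $ruby_ver"
    else echo "FAIL: ruby $ruby_ver is older than 2.0"; status=1; fi
    for g in sinatra json; do
        if gem_loadable "$g"; then echo "OK:   gem $g"
        else echo "FAIL: gem $g not loadable (gem install $g)"; status=1; fi
    done
    if [ -x ./igoat-server.rb ]; then echo "OK:   igoat-server.rb is executable"
    else echo "FAIL: ./igoat-server.rb missing or not executable"; status=1; fi
    return $status
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Save it next to igoat-server.rb and run it with `--check`; a non-zero exit status means at least one prerequisite is missing.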
Running iGoat:
- Click the play button to run iGoat in the simulator.
- Click on "Dismiss" to start the challenge.