Walkthrough: InsecureBankv2

EXECUTIVE SUMMARY

OBJECTIVE

SCOPE

Disclaimer

Few points

Summary Scan Report of Android-InsecureBankv2

Static Analysis

Here are the few pieces of information I found:

1) Application Signature is vulnerable

2) Some Application Permissions are vulnerable

3) Manifest Analysis

4) Possible Hardcoded Secrets

5) Activities

Some Other Vulnerabilities

Login Bypass

Findings

  1. Write External Storage: the application has no need to request this permission. An attacker can insert malicious data into storage, which makes it vulnerable.
  2. Insecure Communication: the application uses a weak communication method, because it uses HTTP, which is not secure as it does not use TLS/SSL to encrypt the requests.
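Both findings can be checked mechanically against a decoded manifest and the strings pulled from the app. The following is an added example, not part of the original write-up: the manifest, the string list, and the function names `audit_manifest` and `cleartext_urls` are constructed for illustration and are not taken from InsecureBankv2.

```python
import re
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest live in the Android XML namespace.
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample of a decoded AndroidManifest.xml (not the app's real one).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Bank" android:usesCleartextTraffic="true">
    <activity android:name=".LoginActivity"/>
  </application>
</manifest>"""

# Constructed sample of strings extracted from decompiled code and resources.
SAMPLE_STRINGS = [
    "http://bank.example.test/login",
    "https://bank.example.test/help",
    "Welcome back",
]


def audit_manifest(xml_text):
    """Return findings for the two manifest-level issues listed above."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        if perm.get(A + "name") == "android.permission.WRITE_EXTERNAL_STORAGE":
            findings.append("WRITE_EXTERNAL_STORAGE requested")
    app = root.find("application")
    # Only an explicit opt-in is flagged; when the attribute is absent the
    # platform default depends on the target API level.
    if app is not None and app.get(A + "usesCleartextTraffic") == "true":
        findings.append("cleartext traffic explicitly allowed")
    return findings


def cleartext_urls(strings):
    """Return the strings that are plain-HTTP endpoints (no TLS)."""
    return [s for s in strings if re.match(r"(?i)http://", s)]


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("manifest:", finding)
    for url in cleartext_urls(SAMPLE_STRINGS):
        print("cleartext endpoint:", url)
```
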

Dynamic Analysis

CONCLUSIONS
