The video below demonstrates how to test a mobile application for remote authentication vulnerabilities. For this demonstration, I used a mobile application called iGoat. iGoat is designed for the iOS platform and functions as a learning tool for iOS developers. iGoat is a safe environment in which iOS developers can gain knowledge about the major security vulnerabilities in mobile applications and how to deal with them. This program is built and maintained by OWASP. This video blog is the second in a series based on the iGoat application. The video blog regarding local data storage vulnerabilities can be found here. I plan on doing more video blogs covering various exploits and how to install iGoat properly. Keep an eye out for those!
As we saw in the video, the username and the password is transmitted to the server in plain text for authentication purposes. Sensitive information like accounts, passwords, and contact lists needs to be properly secured with industry standard encryption algorithms prior to being submitted. I hope you learned how to deal with Remote Authentication vulnerabilities, and I hope you check out other video blogs in this series that will be released soon. Happy mobile application security testing!