OWASP iGoat v%@

Welcome to the OWASP iGoat learning tool, a security learning environment for iOS developers. iGoat was inspired by and loosely modeled after the OWASP WebGoat project. As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of exercises that each teach a single (but vital) security lesson.

The exercises are laid out in the following steps:
  1. Brief introduction to the problem.
  2. Verify the problem by exploiting it or observing how an exploit works.
  3. Brief description of available remediations to the problem.
  4. Fix the problem by correcting and rebuilding the iGoat program.
Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

Menu Buttons

Each iGoat exercise contains (at a minimum) the following informational menu buttons:
If you are working through iGoat as self-study, we suggest you first read each exercise's Exercise Plan, but refrain from using the Hints button unless you get stuck. Similarly, once you've exploited the vulnerability in each exercise, read through the Remediations information, but refrain from selecting the Solution button unless you really need it. You can, of course, refer to the Solution button information to verify that you fixed the problem in the same way we did in writing iGoat.