Damn Vulnerable Library is an intentionally vulnerable Android application.
The application connects through a VPN to the application and database server hosted in the cloud and provides library services for registered users. Users can register, create accounts, add books to a cart, and purchase the books using a credit card.
Download the Library.apk file from the releases page.
Install the Damn Vulnerable Library application on an emulator or Android device.
Connect to the DarkRelay VPN (email training@darkrelay.com to request a VPN file; pricing: $5 or 500 INR per month).
Start penetration testing the Damn Vulnerable Library application.
Improper Credential Usage
Inadequate Supply Chain Security
Insecure Authentication and Authorization
Insufficient Input/Output Validation
Insufficient Binary Protection
Security Misconfiguration
Inadequate Privacy Controls
Insecure Storage
Insecure Cryptography
Debug Enabled
Insecure Intent
Unprotected Exported Activity
Intent Hijacking Vulnerability
Improper URL Validation
Hardcoded Secrets
Insecure Logging