Penetration Testing Apps

For tests to properly run on our system, they should be properly configured APKs and IPAs that a developer would release into production. In many cases, we see security analysts and researchers attempt to run automated analysis on manual penetration testing apps.

Why these apps offer incomplete analysis

In many instances, these apps will not provide measurable results when compared to manual analysis. There are several reasons for this:

  • Our automation technology cannot perfectly mirror the user interaction a human would perform
  • These penetration testing apps require backend connections not properly configured when uploaded to our system
  • These apps require specific settings that are not present in our device farm

While many security professionals rely on these apps to learn penetration testing techniques, these apps are unique tools purpose-built to be a learning app.

Common apps we see users upload to our system

  • Damn Vulnerable iOS App: DVIA (iOS)

  • OWASP GoatDroid Project: GoatDroid (Android)

  • Insecure Banking App: InsecureBank & InsecureBankv2 (Android)

If you would like to learn more about apps that would run on our system or discuss a proper app to use when exploring our current features, please refer to our

Mobile Apps chapter or connect with us using our in-app chat.