MASTG-APP-0031: VulnForum
VulnForum is an intentionally vulnerable mobile forum application designed for security testing and training, serving as a practical target for the test cases outlined in the MASTG.
The application uses a modern technology stack: a native Android frontend built with Kotlin and Jetpack Compose, and an API backend implemented with Python Flask.
It covers a broad spectrum of common mobile and API security flaws, including:
- Injection: SQL Injection and Cross-Site Scripting (XSS).
- Access Control: Broken authorization logic and improper token validation.
- Data Security: Insecure data storage, verbose logging, and hardcoded secrets.
- Platform: Exploitable exported components and misconfigured deep links.
The repository provides detailed setup instructions and a specific set of Flags/Challenges for users to validate their exploitation skills.