iBugBazaar is an open-source iOS application intentionally designed to be vulnerable for hands-on security testing and training. It contains more than 20 vulnerabilities (examples include hardcoded credentials, insecure storage and logging, WebView/XSS and redirect issues, insecure HTTP requests and authentication/authorization flaws). See the project README for the full list.