Web Security

The following tasks were performed as part of an assignment for "Application Security" course at New York University

Setting up

• Install android studio
• Create an android virtual device
• Import given project

Intents

• Answer questions about intents
• Fix an incorrect intent in the code
• Stop other applications from launching your activities through intents
• A write-up consolidating the above topics

Use secure REST API's

• Find all insecure REST API calls and fix them to use https encryption

Find a bad design choice that leads to a vulnerability

• Find out how some REST API calls can be made to use gift cards that belong to a different user
• Write briefly about the problem and how to possibly solve it

Remove privacy invasive code

• Find code that asks for excessive permissions than that are required for the application functionality
• Remove the code and also files that support it

Please look at intructions for more details