Earlier this summer, Apple released its latest programming language, Swift, for iOS and OS X apps. The language was created to be both simpler and faster for developers to use.
Seth Law, Director of Research and Development at nVisium, decided to create the intentionally vulnerable Swift.nV iOS application. “Initially, we wanted to know how developers were using the language and what vulnerabilities existed, while exploring existing vulnerabilities and what they look like in Swift,” explained Law.
Swift.nV is an open source project available to all using Apple’s developer tools. Based off common application security flaws, such as the OWASP Top 10 and OWASP Mobile Top 10 vulnerabilities, this training mechanism was built to teach developers how to prevent and fix security flaws in the Swift programming language. This past June, nVisium released a similar intentionally vulnerable application for Grails called Grails.nV. “Just like Grails.nV, Swift.nV is part of our plan to expand the availability of security training tools for the developer community,” said Jack Mannino, CEO of nVisium.
According to Law, “It is easier to find vulnerabilities in Swift than in other languages, such as Objective-C, since Swift is easier to learn and develop programs in.” In his opinion, “Swift will probably overtake Objective-C rapidly due to its ease of use.”
Currently Swift.nV and a list of over a dozen vulnerabilities common in mobile applications are offered on Github, an open-source development community. Seth expects to release tutorial videos and articles in the future on how to find and fix security issues within the Swift programming language. Requests on specific features will be accepted, which are expected to drive future research and development.
About nVisiumnVisium was founded in 2009 to build a better way forward for securing software throughout the development life cycle. Headquartered within the Washington DC area, nVisium has proven experience securing what matters most for Fortune 500 clients, innovative software startups, and government organizations. The nVisium team founded and created the OWASP Mobile Security Project, which is a global initiative to improve the state of mobile application security through next-generation secure development techniques. The team has presented research at major industry conferences and continue to develop open source tools for developers and penetration testers. Follow @nVisium.