unSafe Bank

About

UnSAFE Bank is a core virtual banking suite designed with the aim to incorporate the cybersecurity risks and various test cases such that newbie, developers, and security analysts can learn, hack and improvise their vulnerability assessment and penetration testing skills on Web, Android and iOS application.

Note: Only Web and iOS application are launched. Android application is under development.

Application Features

It currently consists of the following functionalities:

  1. Funds Transfer
  2. View Account Statement
  3. Manage Beneficiary
  4. Loans
  5. Account Settings
  6. Contact us
  7. About us

Note: New features and vulnerability integration is under development.

Vulnerability Coverage

Say it intentionally or unintentionally, we have introduced vulnerabilities which varies from low severity to critical severity.

To provide you a reference, the following classes of vulnerabilities will be encountered in the applications:

OWASP Top 10 2017OWASP Mobile Top 10 2016
A1: InjectionM1: Improper Platform Usage
A2: Broken AuthenticationM2: Insecure Data Storage
A3: Sensitive Data ExposureM3: Insecure Communication
A4: XML External Entities (XXE)M4: Insecure Authentication
A5: Broken Access ControlM5: Insufficient Cryptography
A6: Security MisconfigurationM6: Insecure Authorization
A7: Cross-Site Scripting (XSS)M7: Client Code Quality
A8: Insecure DeserializationM8: Code Tampering
M9: Reverse Engineering

Setting up the environmentDependencies

  1. Install git on your system.
  2. Install docker-compose on your system.
  3. Make sure that port 80 of your laptop/desktop does not have a running service.
  4. Android/iOS phone would be required for mobile application testing.

Setting up the server

  1. Clone the repository on your system (Laptop/Desktop) git clone https://github.com/lucideus-repo/UnSAFE_Bank.git
  2. Navigate to the UnSAFE_Bank/Backend directory cd UnSAFE_Bank/Backend
  3. Start docker service (if not running) sudo service docker start
  4. Start the containers docker-compose up -d

Installing iOS Application

  1. Download and install the Cydia Impactor on your system.
  2. Connect your iPhone to the system and open Cydia Impactor.
  3. Navigate to the /iOS directory.
  4. Drag and drop the UnSAFE Bank.ipa file on Cydia Impactor.
  5. Follow the Cydia Impactor process to complete the installation.
  6. Trust the developer profile (if required) and your application would be ready to use.

Note: You can always use other methods to install the iOS application as per your convenience.

Test Connectivity Status (iOS Application)

  1. Make sure your iPhone and the server machine are connected to the same network.
  2. Check your server's IP address (ifconfig or ipconfig) and the port (Default port is 80).
  3. Open the iOS Application and provide the connection strings on the top right corner to connect to the backend.
  4. If there is no error message on your iPhone then "You are connected successfully".
  5. If there is an error, make sure your backend is running successfully or you have provided the valid IP address/port.

Test Connectivity Status (Web Application)

  1. Make sure that you are either using the same machine as the server or the server machine is running on a machine on the same local network.
  2. Note down the port number of your web application (APP_PORT). Default port is 3000.
  3. Check your server's IP address (ifconfig or ipconfig) and the port (Default port is 80).
  4. On any browser, navigate to http://: and check if you can land at the login page.
  5. Click on Test Connection? and enter the and .
  6. Ensure that the application shows a message Connection Established.

Login Credentials

Customer ID and password is required to login into the application. You can always sign up as a new user in the application.

On successful sign up:

  1. You will be provided with your Customer ID corresponding to your account. Always note your Customer ID and keep it SAFE for further usage.
  2. Your dummy PII and account information would be created automatically.
  3. Default beneficiaries would be added in your account.
  4. Virtual money would be added in your account ranging from 1 to 10 lakh.

Existing User Bank Accounts

On successful sign up:

Following data can be used to perform actions such as add beneficiary, funds transfer etc.

Account HolderAccount Number IFSC Code
Vipul Malhotra003558008876IFSC00009
Kevin Winkel270365500638IFSC00009
Kelly Campbell533074805951IFSC00010
Krystal Langworth 731258783797IFSC00006
Margarita Mann 359502423130IFSC00010
David Mahabir 795554898923IFSC00002
Boris Gerhold 485064210112IFSC00006
Nathaniel Runolfsson 518569490010IFSC00003
Yvette Cooper 841478410516 IFSC00007
Orion Glover 001498029143 IFSC00003

Troubleshooting

Problem 1: Docker containers fail to build on the first attempt.

Problem 2: Internet connection goes away while the docker containers are building up.

Problem 3: You end up inserting junk data or deleting essential data from the database.

Solution: run the command docker-compose up -d --build to build the docker containers fresh.

Problem 4: Error message listen tcp 0.0.0.0:80: bind: address already in use.

Problem 5: Error message listen tcp 0.0.0.0:3000: bind: address already in use.

Solution: Check that another service that uses port 80 such as Apache or IIS is down.

Problem 6: Navigating to http://: gives a message Service Unavailable.

Solution: Wait for 20 to 30 seconds for the services to completely start up.

Problem 7: Web application shows the message Backend server is unresponsive.

Solution 1: Follow the steps mentioned to check the connectivity status and navigate to http://:/api. Check if you can get the message Welcome to UnSAFE Bank.

Encountered a bug or want to suggest something?

If you come across any functional bug in the application or want to suggest the improvements, file an issue at this repository. We will look into it at the earliest. :)

License

This project is using the GNU General Public License v3.0.