From 47cc50a50af529449404bfe3638337034b86c1cd Mon Sep 17 00:00:00 2001
From: sergey-wowwow <15173437+sergey-wowwow@users.noreply.github.com>
Date: Sun, 30 Aug 2020 22:04:59 +0300
Subject: [PATCH] Update README.md

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 286f585..9c4cb72 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ The Mobile App Pentest cheat sheet was created to provide concise collection of
 
 ### Android Application Penetration Testing
 #### Reverse Engineering and Static Analysis
+* [Oversecured](https://oversecured.com/) - A static SaaS-based vulnerability scanner for Android apps (accepts APK files). Designed for security researchers and bug bounty hackers. Also allows DevOps integrations for businesses. Supports apps written on Java and Kotlin.
 * [APKTool](http://ibotpeaches.github.io/Apktool/) - A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications.
     * Disassembling Android apk file
       * `apktool d <apk file>`
@@ -276,6 +277,7 @@ Tip !! "adb backup" command can also be used for extracting application package
 * [OWASP iMAS](https://project-imas.github.com/) - iMAS is a collaborative research project from the MITRE Corporation focused on open source iOS security controls.
 
 ### Mobile Penetration Testing Lab
+* [OVAA](https://github.com/oversecured/ovaa) - Oversecured Vulnerable Android App. An Android app showing modern security vulnerabilities and flaws in a signle application.
 * [WaTF Bank](https://github.com/WaTF-Team/WaTF-Bank) - What-a-Terrible-Failure Mobile Banking Application (WaTF-Bank), written in Java, Swift 4, Objective-C and Python (Flask framework) as a backend server, is designed to simulate a "real-world" web services-enabled mobile banking application that contains over 30 vulnerabilities based on OWASP Mobile Top 10 Risks.
 * [InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2) - WThis vulnerable Android application is named "InsecureBankv2" and is made for security enthusiasts and developers to learn the Android insecurities by testing this vulnerable application. Its back-end server component is written in python.
 * [DVIA-v2](https://github.com/prateek147/DVIA-v2) - Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment.