DEV Community

SchmiemanDev

The Open-Source Security Guide for Flutter Developers

We spend a lot of time in the Flutter community arguing about state management and app architecture. But when I recently went looking for a centralized list of mobile AppSec tools specifically for Flutter, I hit a wall.

There wasn't a dedicated "Awesome" repository for Flutter security. The resources for both defending and reverse-engineering compiled Dart apps were completely scattered.

So, instead of hoarding my personal bookmarks, I made the repo myself.

Meet Awesome Flutter Security.

It’s a curated, open-source list of Flutter application security resources, defensive tools, and vulnerable sandboxes. Whether you are a developer trying to lock down your app or a pentester trying to break one, I wanted everything in one place.

What's inside:

  • Defensive Tools: RASP (Runtime Application Self-Protection), obfuscation guides, and the right ways to handle secure storage and biometrics.
  • Offensive Tools: Frameworks like reFlutter and blutter for intercepting traffic, bypassing SSL pinning, and reverse-engineering AOT binaries.
  • Practice Sandboxes: Intentionally vulnerable apps (like DVFA) mapped to the OWASP Mobile Top 10 so you can practice your hacking skills.
  • Standards: The must-read guidelines from OWASP and the official Flutter team.

Let's build this together

The goal is to make this the standard AppSec reference for the Flutter ecosystem. If you know of a tool, a great article, or a package that belongs on this list, PRs are highly welcome!

Check out the repository here: Awesome Flutter Security

Drop a ⭐️ if you find it useful, and let me know in the comments: what is your go-to package for securing your Flutter apps? Did I miss any hidden gems?
