Recent Releases of mastg

mastg - v1.7.0

MASTG Refactor Part 2: Techniques, Tools & Reference Apps: This release introduces the second phase of the MASTG (Mobile Application Security Testing Guide) refactor. These changes aim to enhance the usability and accessibility of the MASTG.

The primary focus of this new refactor is the reorganization of the MASTG content into different components, each housed in its dedicated section/folder and existing now as individual pages in our website (markdown files with metadata/frontmatter in GitHub):

NOTE: You may find broken links on the website and in the PDF/eBook. This is a consequence of these massive changes and we expect to be able to fix them soon.

  • Tests:

    • Website: Tests section.
    • GitHub: tests/ folder.
    • Identified by IDs in the format MASTG-TEST-XXXX.
    • Includes all tests originally in:
      • 0x05d/0x06d-Testing-Data-Storage.md
      • 0x05e/0x06e-Testing-Cryptography.md
      • 0x05f/0x06f-Testing-Local-Authentication.md
      • 0x05g/0x06g-Testing-Network-Communication.md
      • 0x05h/0x06h-Testing-Platform-Interaction.md
      • 0x05i/0x06i-Testing-Code-Quality-and-Build-Settings.md
      • 0x05j/0x06j-Testing-Resiliency-Against-Reverse-Engineering.md
    • ⚠️ IMPORTANT (TODO): These tests are still the original MASTG v1.6.0 tests. We will progressively split them into smaller tests, the so-called "atomic tests" in MASTG v2 and assign the new MAS profiles accordingly.
  • Techniques:

    • Website: Techniques section.
    • GitHub: techniques/ folder.
    • Identified by IDs in the format MASTG-TECH-XXXX.
    • Includes all techniques originally in:
      • 0x05b/0x06b-Basic-Security_Testing.md
      • 0x05c/0x06c-Reverse-Engineering-and-Tampering.md
  • Tools:

    • Website: Tools section.
    • GitHub: tools/ folder.
    • Identified by IDs in the format MASTG-TOOL-XXXX.
    • Includes all tools from:
      • 0x08a-Testing-Tools.md
  • Apps:

    • Website: Apps section.
    • GitHub: apps/ folder.
    • Identified by IDs in the format MASTG-APP-XXXX.
    • Includes all apps from:
      • 0x08b-Reference-Apps.md

We hope that the revamped structure enables you to navigate the MASTG more efficiently and access the information you need with ease. See below for a detailed list of changes.

We'd like to thank all of our loyal contributors and welcome our new contributors.

Special thanks to NowSecure for their consistent high-impact contributions to the project, especially for this new OWASP MASTG refactoring phase and for continuing to spread the word about the OWASP MAS project.

We'd also like to thank our new MAS Advocate applicants for waiting patiently while we get everything ready behind the scenes for them to help us efficiently.

💙 Thanks to Zimperium for their generous donation!


Carlos Holguera, Sven Schleier and Jeroen Beckers - OWASP MAS project


NOTE: the OWASP MASTG v1.7.0 relies on the latest MASVS v2.0.0

Help us improve! questions | ideas | contact


What's Changed

📢 News

  • Introducing the new MAS Testing Profiles and MASTG Atomic Tests proposals by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2424
  • Add news about the MAS Score Formula Proposal by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2436
  • News: MASVS-PRIVACY by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2459

🧪 MASTG Test Cases

  • Proofreading fixes 0x05d part 4 by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2414
  • [ios_0x06d/0055] Fix the description of the keyboard cache location by @sohsatoh in https://github.com/OWASP/owasp-mastg/pull/2416
  • Update Android permission protection levels and introduced risk categories (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2423
  • Proofreading fixes 0x05d part 3 by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2413
  • Proofreading fixes 0x05d part 1 (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2427
  • Proofreading fixes 0x05e part 1 (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2426

📖 MASTG Testing Fundamentals

  • Introduce App Attest by @lihter in https://github.com/OWASP/owasp-mastg/pull/2462

✨ MASTG Testing Techniques

  • Taint analysis for Android Java code by @su-vikas in https://github.com/OWASP/owasp-mastg/pull/2390

🪄 MASTG Testing Tools

  • Replace Passionfruit with Grapefruit by @lihter in https://github.com/OWASP/owasp-mastg/pull/2451
  • Update r2frida guide examples to use : instead of \ for command start by @Shiva953 in https://github.com/OWASP/owasp-mastg/pull/2450

📜 Mobile Security Checklists

  • Changed value of statuscells in yamlto_excel.py by @bl13pbl03p in https://github.com/OWASP/owasp-mastg/pull/2417

🎉 New Donators

  • Add Zimperium to God Mode Donators by @sushi2k in https://github.com/OWASP/owasp-mastg/pull/2440

Other Changes

  • Consolidate Contributors in the MAS Website by @sushi2k in https://github.com/OWASP/owasp-mastg/pull/2392
  • Fix broken download button in overview page by @ploar-bear in https://github.com/OWASP/owasp-mastg/pull/2410
  • UnCrackable L1 Solution using MobSF by @Xhoenix in https://github.com/OWASP/owasp-mastg/pull/2421
  • Update MASTG-TEST-0087 "Make Sure That Free Security Features Are Activated" (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2430
  • MASTG Refactor Part 2: Techniques, Tools & Reference Apps (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2439

New Contributors

  • @ploar-bear made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2410
  • @bl13pbl03p made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2417
  • @Xhoenix made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2421
  • @lihter made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2451
  • @Shiva953 made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2450

Full Changelog: https://github.com/OWASP/owasp-mastg/compare/v1.6.0...v1.7.0

Published by github-actions[bot] over 2 years ago

mastg - v1.6.0

Following up on the OWASP MASVS v2.0.0 Release we're excited to announce the release of the new OWASP MASTG version v1.6.0. This update includes a range of new features, including the first phase of the MASTG refactoring, MASVS color-coding, upgraded MAS Checklists (for OWASP MASVS v2.0.0 + MASTG v1.6.0), and much more. See below for a detailed list of changes.

We'd like to thank all of our loyal contributors and welcome our new contributors.

Special thanks to NowSecure for their consistent high-impact contributions to the project, especially for the MASVS refactoring, the OWASP MASTG refactoring, the OWASP MAS website and this MASTG v1.6.0 release and for continuing to spread the word about the OWASP MAS project.

💙 Thanks to dvuln, eShard, OHRUS and devoteam Cyber Trust for their generous donations!


Carlos Holguera, Sven Schleier and Jeroen Beckers - OWASP MAS project


NOTE: the OWASP MASTG v1.6.0 relies on the latest MASVS v2.0.0

Help us improve! questions | ideas | contact


What's Changed

📢 News

Introducing the MASVS v2 Colors

We're bringing official colors to the MASVS! The new colors will be used across the MASVS v2.0.0 and MASTG v2.0.0 to help users quickly identify the different control groups. We've also revamped certain areas of our website to make them more readable and easier to navigate as well as to prepare for what's coming with the MASTG v2.0.0 (keyword: "atomic tests").

MASVS

In the MASVS home page, the new colors will be used to highlight the different control groups.

The individual controls will also be color-coded to help users quickly identify the different control groups. We've also redesigned the control pages to make them more readable and easier to navigate.

MASTG

Now, when you navigate to the MASTG tests, you'll see that they are categorized by platform (Android/iOS) as well as by MASVS category, also using our new colors in the sidebar. The colors will also be used to highlight the different control groups in the test description.

Each test now contains a header section indicating the platform, the MASVS v1.5.0 controls, and the MASVS v2.0.0 controls.

We've also introduced a new section called "Resources" which is automatically generated using the inline links within the MASTG pages and serves as a quick reference to the most important resources for each test.

NOTE: The MASTG tests themselves haven't changed yet; we're still working on the refactoring. For now we've simply split the tests into individual pages to make them easier to navigate and reference. This will facilitate the work on the refactoring and the introduction of the new atomic tests.

MAS Checklist

The MAS Checklist pages and the MAS checklist itself have also been updated to use the new colors to highlight the different control groups and to make them easier to navigate.

When you click on a MASVS group you'll see a table listing the new MASVS v2.0.0 controls as well as the corresponding MASTG tests (v1.5.0) for both the Android and the iOS platforms.

NOTE: The checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming version of the MASTG we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests", and assign the new MAS profiles accordingly.


We hope you like the new colors and the changes we've made to the website. We're looking forward to your feedback! Please use our GitHub Discussions to post any questions or ideas you might have. If you see something wrong please let us know by opening a bug issue.

More News

  • Website Redesign and Restructure by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2242
  • Update Talks (Cybersec Chile) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2275
  • Add NSConnect 2022 Talk by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2302
  • Add Guidelines to Contribute with Crackmes by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2303
  • Added AppSec EU and US Talks by @sushi2k in https://github.com/OWASP/owasp-mastg/pull/2385
  • Update with MASVS v2 Release by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2397
  • Added Case Study by NowSecure by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2402
  • MASTG Transition Version by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2396

🧪 MASTG Test Cases

  • Add static analysis details for Android keyboard cache by @DIvanov503 in https://github.com/OWASP/owasp-mastg/pull/2254
  • Recommend Using conscrypt for Old Android API Levels by @rlatapy-luna in https://github.com/OWASP/owasp-mastg/pull/2340
  • Deprecate Fragment Injection Test for MSTG-PLATFORM-2 by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2328
  • Proofreading fixes 0x05d part 1 by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2351
  • Proofreading fixes 0x05d part 2 by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2358
  • Add Test for Android Pending Intents to 0x05h by @su-vikas in https://github.com/OWASP/owasp-mastg/pull/2300
  • Add Test for Implicit Intent Injection (MSTG-PLATFORM-2) by @LukasMarckmiller in https://github.com/OWASP/owasp-mastg/pull/2056
  • Add codesign/ldid to the test Determining Whether the App is Debuggable (MSTG-CODE-2) by @sohsatoh in https://github.com/OWASP/owasp-mastg/pull/2296
  • Add otool command to 0x06i-Testing-Code-Quality-and-Build-Settings.md by @rsenet in https://github.com/OWASP/owasp-mastg/pull/2362
  • [Phase 1] Refactor 0x05h-Testing-Platform-Interaction.md (@NowSecure) by @angrymuffinx in https://github.com/OWASP/owasp-mastg/pull/2286
  • [Phase 1] Refactor 0x06j-Testing-Resiliency-Against-Reverse-Engineering.md by @iotaaxel in https://github.com/OWASP/owasp-mastg/pull/2321
  • [Phase 1] Refactor 0x0**-Testing-Code-Quality.md by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2381
  • [Phase 1] Refactor 0x06h-Testing-Platform-Interaction.md by @TheDauntless in https://github.com/OWASP/owasp-mastg/pull/2380
  • [Phase 1] Refactor 0x0**-Testing-Resiliency-Against-Reverse-Engineering.md by @sushi2k in https://github.com/OWASP/owasp-mastg/pull/2382
  • [Phase 1] Refactor 0x0**-Local-authentication.md by @TheDauntless in https://github.com/OWASP/owasp-mastg/pull/2377
  • [Phase 1] Refactor 0x0**-Testing-Network-Communication.md by @sushi2k in https://github.com/OWASP/owasp-mastg/pull/2378
  • [Phase 1] Refactor 0x0**-Testing-Cryptography.md by @sushi2k in https://github.com/OWASP/owasp-mastg/pull/2372
  • [Phase 1] Refactor 0x0**-Testing-Data-Storage.md by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2379

📖 MASTG Testing Fundamentals

  • Proofreading fixes 0x04b by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2276
  • Proofreading fixes 0x04c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2277
  • Proofreading fixes 0x04f by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2279
  • Proofreading fixes 0x04g by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2281
  • Proofreading fixes 0x04e by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2278
  • Proofreading fixes 0x04i by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2287
  • Proofreading fixes part 1 0x05a by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2289
  • Proofreading fixes part 2 0x05a by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2292
  • Proofreading fixes part 1 0x05b by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2293
  • Proofreading fixes part 3 0x05b by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2298
  • Proofreading fixes part 3 0x05b by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2299
  • Proofreading fixes part 2 0x05b by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2297
  • Add iOS tcpdump instructions to 0x06b and related mitmproxy reference to 0x08a by @cgarst in https://github.com/OWASP/owasp-mastg/pull/2326

✨ MASTG Testing Techniques

  • Proofreading fixes part 1 0x05c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2301
  • Proofreading fixes part 2 0x05c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2304
  • Proofreading fixes part 3 0x05c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2327
  • Proofreading fixes part 4 0x05c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2330
  • Proofreading fixes part 5 5x05c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2332
  • Proofreading fixes part 6 0x05c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2333
  • Proofreading fixes part 7 0x05c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2349
  • Proofreading fixes part 8 0x05c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2350

🪄 MASTG Testing Tools

  • Add Vulnerable App Example to 0x4h & 2 new Reference Apps by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2284
  • Proofreading fixes 0x08b by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2288
  • Add steps for Frida snippet generation from JADX by @cgarst in https://github.com/OWASP/owasp-mastg/pull/2331

⚡ Automation

  • Add Dynamic Pages Support by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2342

🎉 New Donators

  • Add dvuln to God Mode Donators by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2343
  • Add eShard to Good Samaritan Donators by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2347
  • Add OHRUS to Good Samaritan Donators by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2361
  • Add devoteam Cyber Trust to Honorable Benefactor Donators by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2405

🐞 Errata Corrections

  • Fix typo by @CDuPlooy in https://github.com/OWASP/owasp-mastg/pull/2255
  • Proofreading fixes 0x02b by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2272
  • Proofreading fixes 0x02c by @Laancelot in https://github.com/OWASP/owasp-mastg/pull/2273
  • Remove deprecated method from iOS sample code by @vtourraine in https://github.com/OWASP/owasp-mastg/pull/2325
  • Fix Broken Link in 0x06c-Reverse-Engineering-and-Tampering.md by @rsenet in https://github.com/OWASP/owasp-mastg/pull/2363

Other Changes

  • Add tech writing training to style guide #2007 by @Amod02-prog in https://github.com/OWASP/owasp-mastg/pull/2251
  • Add Paper Sicherheitsüberprüfung von mobilen iOS Apps nach OWASP (German) by @sushi2k in https://github.com/OWASP/owasp-mastg/pull/2256
  • Update 1HowCanYouContribute.md by @p2635 in https://github.com/OWASP/owasp-mastg/pull/2259
  • Add Crackmes Tab by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2266
  • Update nav bar by @p2635 in https://github.com/OWASP/owasp-mastg/pull/2264
  • Update links for crackmes page by @TheDauntless in https://github.com/OWASP/owasp-mastg/pull/2274
  • Fix download link of the Russian MAS Checklist by @x0000ff in https://github.com/OWASP/owasp-mastg/pull/2334
  • Extend the status column in the MAS Checklists by @fujiokayu in https://github.com/OWASP/owasp-mastg/pull/2341
  • Restrict GITHUB_TOKEN permissions by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2239
  • Disable Restriction for GITHUB_TOKEN to be able to Release by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2407

New Contributors

  • @Amod02-prog made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2251
  • @CDuPlooy made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2255
  • @p2635 made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2259
  • @DIvanov503 made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2254
  • @Laancelot made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2272
  • @iotaaxel made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2291
  • @angrymuffinx made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2286
  • @cgarst made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2331
  • @vtourraine made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2325
  • @x0000ff made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2334
  • @rlatapy-luna made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2340
  • @LukasMarckmiller made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2056
  • @sohsatoh made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2296
  • @rsenet made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2362

Full Changelog: https://github.com/OWASP/owasp-mastg/compare/v1.5.0...v1.6.0

Published by github-actions[bot] almost 3 years ago

mastg - v1.5.0

We've been very busy with the OWASP MASVS refactoring, but we're very excited to bring you the new OWASP MASTG v1.5.0 with loads of news, including new Test Cases, Testing Fundamentals, upgraded MAS Checklists and much more. See below.

We'd like to thank all of our loyal contributors and welcome our new contributors.

Special thanks to NowSecure for their consistent high-impact contributions to the project, especially for the MASVS refactoring, the OWASP MAS rebranding, the brand new OWASP MAS website and this MASTG v1.5.0 release and for continuing to spread the word about the OWASP MAS project.


Carlos Holguera & Sven Schleier - OWASP MAS project


NOTE: the OWASP MASTG v1.5.0 relies on the latest MASVS v1.4.2


What's Changed

📢 News

New "Trusted By" Section & CREST OVS

Introducing the "MAS Advocate" Status

Add Google's ADA MASA

Project Rebranding to OWASP MAS

OWASP MAS New Website

  • Add Trusted By Section and Adopters by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2059
  • Add CREST and CREST OVS by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2172
  • Introducing the "MAS Advocate" Status by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2132
  • Add Google's ADA MASA (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2128
  • First Update to MAS and MASTG by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2179
  • Add MASTG New Cover for PDF by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2205
  • Update Twitter Handle to @OWASP_MAS by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2186
  • Rename MSTG to MASTG & link to New Website mas.owasp.org by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2195

🧪 MASTG Test Cases

  • MSTG-CODE-1 Add Link to Latest Code Signature Format for iOS by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2025
  • Testing Instant Apps is now in 0x05b (Basic Security Testing) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2039
  • MSTG-NETWORK-1 Added clearText Traffic Info by @TheDauntless in https://github.com/OWASP/owasp-mastg/pull/2037
  • MSTG-CODE-9 Update Xcode Menu Options for PIE Protection by @ichistmeinname in https://github.com/OWASP/owasp-mastg/pull/2078
  • MSTG-CODE-1 Enhance iOS Code Signing Section (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2102
  • MSTG-PLATFORM-1 Introducing Privacy-Friendly Alternatives to Requesting Permissions by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/1993
  • MSTG-PLATFORM-2 MSTG-PLATFORM-3 Enhance Android Deep Link Testing (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2090
  • MSTG-PLATFORM-10 Add WebViews Cleanup by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/1984
  • Add coverage for MSTG-CODE-9 on Android by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2089
  • MSTG-NETWORK-1-4 Fix Network Security Testing on Android and iOS (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2042
  • MSTG-RESILIENCE-5 Update Emulation Available on iOS by @t3chn0m4g3 in https://github.com/OWASP/owasp-mastg/pull/2167

📖 MASTG Testing Fundamentals

  • 0x06b - Upgrade Jailbreak section by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/1943
  • Fix Deprecated SecKeyEncrypt Class (iOS) by @fujiokayu in https://github.com/OWASP/owasp-mastg/pull/2083
  • 0x04e - About OTP Authentication Checks by @Saket-taneja in https://github.com/OWASP/owasp-mastg/pull/1938
  • Added instructions explaining how to move certificate from user to root store by @DemanNL in https://github.com/OWASP/owasp-mastg/pull/1915
  • Key Management Updates for iOS and Android by @vixentael in https://github.com/OWASP/owasp-mastg/pull/2127
  • CRYPTO: Export and import crypto regulations by @julepka in https://github.com/OWASP/owasp-mastg/pull/1885
  • 0x06b - Update Jailbreak Content (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2145
  • Add FIPS 140-2 validated info for corecrypto by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2144
  • Improve the Android Architecture Section (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2118
  • Add New References to Android API changes (by @NowSecure) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2153
  • Updated Symmetric and Asymmetric Encryption Description by @dmagnate in https://github.com/OWASP/owasp-mastg/pull/2139

✨ MASTG Testing Techniques

  • 0x05c - Update Angr Example to Angr 9.2.2 by @kousha1999 in https://github.com/OWASP/owasp-mastg/pull/2103
  • Enabling Safari Web Inspector on iOS by @lndevel in https://github.com/OWASP/owasp-mastg/pull/2112
  • Update Corellium info and about decrypting IPAs by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2124

🪄 MASTG Testing Tools

  • New Chapter for Reference Apps #2142 by @wwwhackcom in https://github.com/OWASP/owasp-mastg/pull/2156
  • Add APKLab for Android by @fujiokayu in https://github.com/OWASP/owasp-mastg/pull/2177

⚡ Automation

  • Update Changelog Automation by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2057
  • Add GitHub Action for codespell by @cclauss in https://github.com/OWASP/owasp-mastg/pull/2069
  • Fix All Markdown Lint Issues and Broken Links by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2143
  • Auto-label PRs by @witzki in https://github.com/OWASP/owasp-mastg/pull/2101
  • Enhance Auto Release Notes by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2234
  • Add MASVS version to MASTG PDF by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2235

📜 MAS Checklists

  • Increase Checklist Test Coverage Including Tests from the 0x04* Chapters by @fujiokayu in https://github.com/OWASP/owasp-mastg/pull/2085
  • Add Common Test Case Column to Checklist by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2208

Checklist test coverage changes: removed (2) added (13) updated (51)

🎉 New Donators

  • Thanks Corellium by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2174

🐞 Errata Corrections

  • Update broken links by @TheDauntless in https://github.com/OWASP/owasp-mastg/pull/2038
  • Fixing typos and more in the Android Crypto Chapter by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/1992
  • Fix spelling by @TheDauntless in https://github.com/OWASP/owasp-mastg/pull/2049
  • Fix typos discovered by codespell by @cclauss in https://github.com/OWASP/owasp-mastg/pull/2067
  • Fixed Typos in 0x04i-Testing-User-Privacy-Protection by @wassef911 in https://github.com/OWASP/owasp-mastg/pull/2123
  • Fix Intros in Cryptography Chapters (by @NowSecure) by @corielynch in https://github.com/OWASP/owasp-mastg/pull/2051
  • Fix typo in 0x04f-Testing-Network-Communication.md by @dturner42 in https://github.com/OWASP/owasp-mastg/pull/2178
  • Resolved broken link to OWASP MASTG authors and co-authors (#2197) ; by @chantzlarge in https://github.com/OWASP/owasp-mastg/pull/2198
  • Resolved broken link to OWASP MASTG Contributors (#2199) ; by @chantzlarge in https://github.com/OWASP/owasp-mastg/pull/2200
  • Fix lulu.com links by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2203

Other Changes

  • Improve README UX by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2061
  • Fix chapter outline for 0x04g (Mobile App Cryptography) by @cpholguera in https://github.com/OWASP/owasp-mastg/pull/2040
  • Change markdown images to html images by @TheDauntless in https://github.com/OWASP/owasp-mastg/pull/2126

New Contributors

  • @cclauss made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2067
  • @ichistmeinname made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2078
  • @kousha1999 made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2103
  • @lndevel made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2112
  • @wassef911 made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2123
  • @DemanNL made their first contribution in https://github.com/OWASP/owasp-mastg/pull/1915
  • @dmagnate made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2139
  • @witzki made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2101
  • @wwwhackcom made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2156
  • @t3chn0m4g3 made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2167
  • @dturner42 made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2178
  • @chantzlarge made their first contribution in https://github.com/OWASP/owasp-mastg/pull/2198

Full Changelog: https://github.com/OWASP/owasp-mastg/compare/v1.4.0...v1.5.0

Published by github-actions[bot] over 3 years ago

mastg - v1.4.0

What's Changed

OWASP Mobile App Security Checklists

The highly anticipated OWASP Mobile App Security Checklists are back including very exciting news.

New Features of the MASVS Checklists

  • Completely automated: generated from scratch using openpyxl.
  • Multi-language: now available in all 13 MASVS languages.
  • Always up-to-date: from now on released with every new MSTG version & always using the latest MASVS.
  • New clean design: consistent with our new identity.
  • Simpler structure: all MASVS categories in one sheet.
  • Traceable: include exact MASVS and MSTG versions and commit IDs.

Using the Checklists

  • Use the "Status" column to:
    • Discard controls by selecting N/A
    • Set the result of a test by selecting Pass or Fail.
  • Add more columns or sheets as you wish or need. For instance:
    • Duplicate & rename sheet to test for different platforms.
    • Simply copy & paste the "Status" column to cover additional platforms (rename title accordingly).

Feedback

Your feedback is essential for the development of the project. If you have any comments or new ideas please post them here:

https://github.com/OWASP/owasp-mstg/discussions/new?category=ideas

Other Changes

  • Update README.md by @sushi2k in https://github.com/OWASP/owasp-mstg/pull/2018
  • Upgrade NowSecure to God Mode donator by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/2021
  • Fixed link by @Brasco in https://github.com/OWASP/owasp-mstg/pull/2032
  • Automated Checklist and YAML Generation by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/2010

New Contributors

  • @corielynch made their first contribution in https://github.com/OWASP/owasp-mstg/pull/2029
  • @Brasco made their first contribution in https://github.com/OWASP/owasp-mstg/pull/2032

Full Changelog: https://github.com/OWASP/owasp-mstg/compare/v1.3.0...v1.4.0

Published by github-actions[bot] about 4 years ago

mastg - v1.3.0

What's Changed

Changes in MSTG Content

  • [Android Tool] Replace Outdated Drozer when Possible by @righettod in https://github.com/OWASP/owasp-mstg/pull/1904
  • [MSTG-CODE-9] Update iOS Binary Protection Checks by @su-vikas in https://github.com/OWASP/owasp-mstg/pull/1925
  • [MSTG-CODE-3] Add iOS Debugging Symbols Inspection by @su-vikas in https://github.com/OWASP/owasp-mstg/pull/1930
  • [0x05a] Add APK Signature Scheme (v4) by @Saket-taneja in https://github.com/OWASP/owasp-mstg/pull/1937
  • [0x06c] Add Patching Example for Debugging iOS Apps by @su-vikas in https://github.com/OWASP/owasp-mstg/pull/1932
  • [0x04e] Add check for JWT Claim by @Saket-taneja in https://github.com/OWASP/owasp-mstg/pull/1939
  • [0x06c] Add section Loaded Native Libraries by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1948
  • [0x06a] Add Visual Studio App Center by @anantshri in https://github.com/OWASP/owasp-mstg/pull/1963
  • [MSTG-STORAGE-12] Add Privacy Labels and Rework Privacy Chapter by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1988

Errata Corrections (typos & more)

  • Minor spelling correction of "Wether" in MSTG-STORAGE-10 by @Narendran36 in https://github.com/OWASP/owasp-mstg/pull/1936
  • Update dated/broken links in the docs by @PeterDaveHello in https://github.com/OWASP/owasp-mstg/pull/1940
  • Fix Broken Link by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1941
  • correcting local build instructions. by @anantshri in https://github.com/OWASP/owasp-mstg/pull/1954
  • Correcting link errors based on failed checks by @anantshri in https://github.com/OWASP/owasp-mstg/pull/1955
  • Fix typo in 0x06i-Testing-Code-Quality-and-Build-Settings.md by @chrihala in https://github.com/OWASP/owasp-mstg/pull/1969
  • fix lvl 6 heading by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1973
  • Fix link in 0x6g by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1990

New Donators

  • [Donator] Add ZIMPERIUM by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1952

Other Changes

  • Add donations issue form template by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1947
  • Update mlc_config.json by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1958
  • Enable CodeQL Analysis by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1966
  • Upgrade all workflows to actions/checkout@v2 by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/2013
  • Upgrade Release Process by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/2015

New Contributors

  • @Narendran36 made their first contribution in https://github.com/OWASP/owasp-mstg/pull/1936
  • @PeterDaveHello made their first contribution in https://github.com/OWASP/owasp-mstg/pull/1940
  • @Saket-taneja made their first contribution in https://github.com/OWASP/owasp-mstg/pull/1937
  • @anantshri made their first contribution in https://github.com/OWASP/owasp-mstg/pull/1954
  • @chrihala made their first contribution in https://github.com/OWASP/owasp-mstg/pull/1969

Full Changelog: https://github.com/OWASP/owasp-mstg/compare/v1.2.1...v1.3.0

- Python
Published by github-actions[bot] about 4 years ago

mastg - v1.2.1

What's Changed

Minor release without relevant content changes.

  • Fixing semantic versioning by @cpholguera
  • Add citation file by @cpholguera in https://github.com/OWASP/owasp-mstg/pull/1934

Full Changelog: https://github.com/OWASP/owasp-mstg/compare/v1.2...v1.2.1

- Python
Published by github-actions[bot] about 4 years ago

mastg - v1.2

Changelog

OWASP MSTG - Release v1.2 - 25th July 2021

167 issues were closed since the last release. A full overview can be seen in GitHub Issues: https://github.com/OWASP/owasp-mstg/issues?q=is%3Aissue+is%3Aclosed+closed%3A2019-08-03..2021-07-25

326 pull requests were merged since the last release. A full overview can be seen in GitHub Pull Requests: https://github.com/OWASP/owasp-mstg/pulls?q=is%3Apr+is%3Aclosed+closed%3A2019-08-03..2021-07-25

Major changes include:

  • Migrated the new document build pipeline from MASVS to MSTG. This allows us to consistently build all OWASP MSTG documents (PDF, docx etc.) in minutes, without any manual work.
  • Besides numerous changes for the test cases we have a new Crackme - Android Level 4 https://github.com/OWASP/owasp-mstg/tree/master/Crackmes/Android/Level_04 and also new write-ups for the Crackmes.
  • We removed all references to Needle and IDB tool, as both tools are outdated.
  • References of OWASP Mobile Top 10 and MSTG-IDs are completely moved to MASVS
  • Reworking of information gathering (static analysis) for Android Apps
  • Update of Biometric Authentication for Android Apps
  • New content and updates in the Android and iOS Reverse Engineering and Tampering chapters
  • 3 new iOS Reverse Engineering test cases
  • Translations of the MSTG are linked to the respective forks but are not part of the MSTG anymore
  • Updated English, Japanese, French, Korean and Spanish checklists to be compatible with MSTG 1.2
  • Updated Acknowledgments, with 1 new co-author and contributor
  • Added JNI Tracing for Android
  • Added dsdump for dumping Objective-C and Swift content
  • Added the procedure to sign the debugserver for iOS 12 and higher
  • Added dependency-check to check for vulnerabilities in libraries added by iOS package managers
  • Added getppid as debugger detection (iOS)
  • Added Domain/URL Enumeration in APKs
  • Added introduction to Network.framework (iOS)
  • Added UnSAFE Bank iOS Application
  • Added information on SECCOMP (Android)
  • Added native and java method tracing (Android)
  • Added Android library injection
  • Added Android 10 TLS and cryptography updates
  • Updated code obfuscation for Android and iOS
  • Added test case for Reverse Engineering Tools Detection - MSTG-RESILIENCE-4 (iOS)
  • Added test case for Emulator Detection - MSTG-RESILIENCE-5 (iOS)
  • Added an example with truststore to bypass cert pinning (Android)
  • Added content to information gathering using Frida (Android)
  • Added Sec Consult, RandoriSec and OWASP Bay area as donators
  • Added basic information gathering for Android and iOS
  • Added Simulating a Man-in-the-Middle Attack with an Access Point
  • Added gender neutrality to the MSTG
  • Extended section about dealing with Xamarin Apps
  • Updated all picture links (img tags) to be in markdown syntax
  • Updated iTunes limitations and usage since macOS Catalina
  • Added Emulation-based Analysis (iOS and Android)
  • Added Debugging iOS release applications using lldb
  • Added Korean translation of the checklist
  • Updated symbolic execution content (Android)
  • Added Ghidra for Android Reverse Engineering
  • Added section on Manual (Reversed) Code Review for iOS
  • Added explanation of more Frida APIs (iOS and Android)
  • Added Apple CryptoKit
  • Updated and simplified Frida detection methods
  • Added introduction to setup and disassembling for iOS Apps
  • Updated section about frida-ios-dump
  • Added gplaycli (Android)
  • Extended section on how to retrieve UDI (iOS)
  • Added new companies in the Users.md list with companies applying the MSTG/MASVS
  • Partially updated code samples to Swift 5
  • Added Process Exploration (Android and iOS)
  • Updated best practices for passwords, added "Have I Been Pwned"
  • Updated SSL Pinning fallback methods
  • Updated app identifier (Android and iOS)
  • Updated permission changes for Android O, P and Q
  • Updated Broadcast Receiver section (Android)

Several other minor updates include fixing typos and markdown lint errors and updating outdated links.

We thank all contributors for their hard work and for continuously improving the document and the OWASP MSTG project!

- Python
Published by github-actions[bot] over 4 years ago

mastg - Intermediate update 1.1.3-excel

Intermediate update (1.1.3-excel). See CHANGELOG.md for updates on intermediate update releases.

- Python
Published by commjoen over 6 years ago

mastg - Intermediate update 1.1.3 (OSS Release)

What's Changed

  • Updated Acknowledgments, with 2 new co-authors.
  • Translated various parts into Japanese.
  • A large restructuring of the general testing, platform specific testing and reverse-engineering chapters.
  • Updated description of many tools: Adb, Angr, APK Extractor, Apkx, Burp Suite, Drozer, ClassDump(Z/etc), Clutch, Frida, Hopper, Ghidra, IDB, Ipa Installer, iFunBox, iOS-deploy, KeychainDumper, Mobile-Security-Framework, Nathan, Needle, Objection, Magisk, PassionFruit, Radare 2, Tableplus, SOcket CAT, Xposed, and others.
  • Updated most of the iOS hacking/verification techniques using iOS 12 or 11 as a base instead of iOS 9/10.
  • Removed tools which were no longer updated, such as introspy-Android and AndBug.
  • Added missing MASVS references from version 1.1.4: v1.X, V3.5, V5.6, V6.2-V6.5, V8.2-V8.6.
  • Rewrote device-binding explanation and testcases for Android.
  • Added parts on testing unmanaged code in Objective-C, Java, and C/C++.
  • Applied many spelling, punctuation and style-related fixes.
  • Updated many cryptography related parts.
  • Added test cases for upgrade-mechanism verification for apps.
  • Updated Readme, Code of Conduct, Contribution guidelines, verification, funding link, and generation scripts.
  • Added ISBN as the book is now available at Lulu.
  • Added various fixes for the .epub format.
  • Added testcases on Android and iOS backup verification.
  • Improved key-attestation related explanation for Android.
  • Restructured OWASP Mobile Wiki.
  • Removed Yahoo Weather app and simplified reference on using SQL injection.
  • Improved explanation for iOS app sideloading to include various available methods.
  • Added explanation on using ADB and device shell for Android.
  • Added explanation on using device shell for iOS.
  • Provided comparison for using emulators/simulators and real devices for iOS/Android.
  • Fixed Uncrackable Level 3 for Android.
  • Improved explanation on how to exfiltrate data and apps on iOS 12 and Android 8.
  • Improved/updated explanation on SSL-pinning.
  • Added list of adopters of the MASVS/MSTG.
  • Updated English, Japanese, French and Spanish checklists to be compatible with MSTG 1.1.2.
  • Added a small write-up on Adiantum for Google.
  • Added MSTG-ID to the paragraphs to create a link between MSTG paragraphs and MASVS requirements.
  • Added review criteria for Android instant apps and guidance for app-bundle evaluation.
  • Clarified the differences between various methods of dynamic analysis.

- Python
Published by OMTGreleaser over 6 years ago

mastg - Intermediate update 1.1.2: Excel edition!

This is a special release with the new compliance lists for 1.1.2 only. Grab them while they're hot!

- Python
Published by commjoen over 6 years ago

mastg - Intermediate update 1.1.2

What's Changed

  • Added missing mappings for MASVS V1.X.
  • Updated markdown throughout the English MSTG to be consistent.
  • Replaced some dead links.
  • Improvements for rendering as a book, including the ISBN number.
  • Updated the Excel: it is now available in Japanese as well!
  • Many punctuation corrections, spelling and grammar issues resolved.
  • Added missing iOS test case regarding memory corruption issues.
  • Added contributing, code of conduct, markdown linting and dead link detection.

- Python
Published by OMTGreleaser almost 7 years ago

mastg - Intermediate update 1.1.1

What's Changed

  • Improvements on various tool related parts, such as how to use on-device console, adb, nscurl, Frida and Needle.
  • Updated 0x4e regarding SMS communication.
  • Many grammar/style updates.
  • Added Android description regarding MASVS requirement 7.8.
  • Updated contributor list.
  • Various updates on instructions regarding TLS and encryption.
  • Removed some erroneous information.
  • Fixed parts of the alignment of the MASVS requirements with the MSTG.
  • Updated information on various topics such as jailbreaking and network interception on both iOS and Android.
  • Added some steps for Frida detection.
  • Added write-ups on Android changes, regarding permissions, application signing, device identifiers, key attestation and more.
  • Extended guidance on SafetyNet attestation.
  • Added information on Magisk.
  • Added Firebase misconfiguration information.
  • Added references to more testing tools.
  • Updated contributor list.
  • Added a lot of information to iOS platform testing.
  • Added a lot of fixes for our book-release.

- Python
Published by commjoen almost 7 years ago

mastg - Intermediate update 1.1-excel

Intermediate update (1.1-excel). See CHANGELOG.md for updates on intermediate update releases.

- Python
Published by commjoen about 7 years ago

mastg - 1.1.0 - covering MASVS 1.1.0

What's Changed

  • Added more samples in Kotlin.
  • Simplified leanpub and gitbook publishing.
  • A lot of QA improvements.
  • Added deserialization test cases for iOS, including input sanitization.
  • Added test cases regarding device-access-security policies and data storage on iOS.
  • Added test cases regarding session invalidation.
  • Improved cryptography and key management test cases on both Android and iOS.
  • Started adding various updates in the test cases introduced by Android Oreo and Android Pie.
  • Refreshed the Testing Tools section: removed some of the lesser maintained tools, added new tools.
  • Fixed some of the markdown issues.
  • Updated license to CC 4.0.
  • Started Japanese translation.
  • Updated references to OWASP Mobile Top 10.
  • Updated Android Crackmes.
  • Fixed some of the anti-reverse-engineering test cases.
  • Added debugging test case for iOS.

- Python
Published by commjoen about 7 years ago

mastg - Intermediate update 1.0.2

What's Changed

  • Updated guiding documentation (README).
  • Improved automated build of the pdf, epub and mobi.
  • Updated Frontispiece (given new contributor stats).
  • Added attack surface sections for Android and various.
  • Added vulnerable apps for testing skills.
  • Improved sections for testing app permissions for Android (given Android Oreo/Pie), added section for testing permissions on iOS.
  • Added fix for Fragment Injection on older Android versions.
  • Improved sections on iOS WebView related testing.

- Python
Published by commjoen over 7 years ago

mastg - Intermediate update 1.0.1

What's Changed

  • Updated guiding documentation (README, PR templates, improved style guide, issue templates).
  • Added automated build of the pdf and DocX.
  • Updated Frontispiece (given new contributor stats).
  • Updated Crackmes and guiding documentation.
  • Updated tooling commands (adb, ABE, iMazing, Needle, IPAinstaller, etc.).
  • Added first Russian translations of the 1.0 documents for iOS.
  • Improved URLs for GitBook using goo.gl in case of URLs with odd syntax.
  • Updated Frontispiece to give credit to all that have helped out for this version.
  • Clarified the app taxonomy & security testing sections by a rewrite.
  • Added sections for network testing, certificate verification & SSL pinning for Cordova, WebView, Xamarin, React-Native and updated the public key pinning sections.
  • Removed no longer working guides (e.g. using iTunes to install apps).
  • Updated a lot of URLs (using TLS wherever possible).
  • Updated tests regarding WebViews.
  • Added new testing tool suites in the tools section, such as the mobile hack tools and various dependency checkers.
  • Updated test cases regarding protocol handlers (added missing MASVS 6.6 for iOS).
  • Many small updates in terms of wording, spelling/typos, updated code segments and grammar.
  • Added missing test cases for MASVS 2.11, 4.7, 7.5 and 4.11.
  • Updated the XLS Checklist given MASVS 1.1.0.
  • Removed the clipboard test from iOS and Android.
  • Removed duplicates on local storage testing and updated data storage test cases.
  • Added write-ups from the mobile security sessions at the OWASP summit.
  • Added anti-debugging bypass section for iOS.
  • Added SQL injection & XML injection samples and improved mitigation documentation.
  • Added Needle documentation for iOS.
  • Added fragment injection documentation.
  • Updated IPA installation process guidance.
  • Added XSS sample for Android.
  • Added improved documentation for certificate installation on Android devices.
  • Updated Frida & Fridump related documentation.
  • Added sections about in-memory data analysis in iOS.
  • Updated software development and related supporting documentation.
  • Updated (anti) reverse-engineering sections for Android and iOS.
  • Updated data storage chapters given newer tooling.
  • Merged SDLC and security testing chapters.
  • Updated cryptography and key-management testing sections for both Android and iOS (up to Android Nougat/iOS 11).
  • Updated general overview chapters for Android and iOS.
  • Updated Android and iOS IPC testing.
  • Added missing overviews, references, etc. to various sections such as 0x6i.
  • Updated local authentication chapters and the authentication & session management chapters.
  • Updated test cases for sensitive data in memory.
  • Added code quality sections.

- Python
Published by commjoen over 7 years ago

mastg - Test release

- Python
Published by commjoen over 7 years ago