-
Based on https://github.com/OWASP/owasp-masvs/issues/132, we should have an MSTG-ARCH-3 test case with an explanation of the risks of Bluetooth/NFC/etc. and a reference to the test case for payload encryption…
-
Some URLs are broken, see https://github.com/OWASP/owasp-mstg/runs/6897262028?check_suite_focus=true
Search for [✖] in the log below.
- If you are able to open the link you may need to add an …
-
The MASVS currently focuses on securing the data of the user. Next would be to secure the context of a user. Part of that should include the secondary type of connections. We need to:
- reassu…
-
See: https://owasp.slack.com/archives/C1M6ZVC6S/p1619646553041600
URL: https://developer.android.com/training/articles/security-ssl#Pinning
ioXT (which Google is also part of) is still suggestin…
-
Similar to the WSTG, it would be great to have section numbers as well. (As suggested by @ThunderSon)
https://github.com/OWASP/wstg/blob/master/document/4_Web_Application_Security_Testing/4.1_In…
-
### Expected behavior
- 4.11 https://github.com/OWASP/owasp-masvs/blob/master/Document/0x09-V4-Authentication_and_Session_Management_Requirements.md
-
As part of #203 we have the following point of investigation: ASVS/MASVS: Consider using asymmetric cryptography for authentication and authorization purposes. Generate and use the private key directl…
-
Hello,
I can't convert any Markdown document to PDF.
I'm using the last image available on Docker Hub + podman on the last Fedora release.
Here are the commands I tried:
```
podman run --p…
```
-
Does ASVS cover desktop apps? If so, should we recommend certificate pinning for level 3? I think this is something that the application and not the OS will have to handle.
However, I note that the…
-
The export.py script is broken for me, and in the meantime we have "generate-json.py" and "generate-csv.py", which seem to work better.
How do we want to proceed?