-
At the moment only English is set as the language in Gitbook. Need to change the structure of .gitbook.yaml so it shows all languages and we can navigate through them in Gitbook.
See also: https://docs…
-
Unlike the OWASP OTG Testing Checklist (https://www.owasp.org/index.php/Testing_Checklist), the OWASP MSTG Checklist is lacking the "Category" field for the various checklist items. The category allow…
-
Payload encryption is something that has often risen within the security community as an addition to TLS-based controls. We tried to keep it out for a long time. But it did come back in, for instance,…
-
I miss a requirement in MASVS that apps with sensitive data should not support third-party keyboards. Now that a [bug in iOS 13 and iPadOS](https://support.apple.com/en-us/HT210613) can result in keyb…
-
When 1.2 and of the MASVS is released and the os19 MSTG release is done, we should:
- [x] Put in the MSTG IDs in the Excel
- [x] Make sure we cover v1.x
-
The MASVS currently has the focus on securing the data of the user. Next would be to secure the context of a user. Part of that should include the location-related context. We need to:
- reassure tha…
-
We might want to add a hint that paid content could use L2 and possibly R protection in the first sections of the MASVS.
-
**Describe the issue**
Check the wording of each requirement in MASVS with column C in the Excel checklist and verify if all requirements are aligned.
-
From https://github.com/OWASP/owasp-masvs/issues/189:
- [ ] how which meta-information can help (location, etc.) and which events should be covered (auth, change password, hitting important resources…
-
MASVS: Have a requirement that the app provides a clear explanation of why access to device data or sensors is needed, as stated in #203. Currently we have `2.12 | MSTG‑STORAGE‑12 | The app educates t…