-
MASVS 6.4: Verify that the app does not export sensitive functionality through IPC facilities, unless these mechanisms are properly protected.
See Android test case: https://mobile-security.gitboo…
-
'。' is a punctuation in Chinese like '.' in English.
I hope the new version supports this punctuation.
-
See also https://github.com/OWASP/owasp-mstg/issues/1139
-
MASVS 7.8 is missing for both iOS and Android:
| **7.8** | In unmanaged code, memory is allocated, freed and used securely. | ✓ | ✓ |
- [x] Explain what it is in general testing guide in terms o…
-
Please make sure we use the same code of conduct as at the mstg and a similar contributing.
This does mean that we have the following steps to take:
- [x] Copy MSTG code of conduct and see if it nee…
-
The Github Repo has almost 70MB.
```bash
$ owasp-masvs git:(master) git rev-list --objects --all \
| git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' \
| sed -n 's…
-
Few suggestions for chapter 8.
| **8.10** | MSTG‑RESILIENCE‑10 | The app utilises, and responds to system APIs that report on harmful applications and tampering of the device. | ✓ |
Add require…
-
The changelog is currently not translated to Japanese:
https://github.com/OWASP/owasp-masvs/blob/master/Document-ja/CHANGELOG.md
-
The changelog is currently not translated to Chinese:
https://github.com/OWASP/owasp-masvs/blob/master/Document-zhtw/CHANGELOG.md
-
We currently don't have an entry for this vuln type. The idea is that if a mobile app allows copy/paste functionality on sensitive inputs (such as CC/SSN) a user could use the copy functionality which…