-
MASVS 6.8: Object deserialization, if any, is implemented using safe serialization APIs.
See Android Test Case: https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guid…
-
MASVS 3.3: The app uses cryptographic primitives that are appropriate for the particular use-case, configured with parameters that adhere to industry best practices.
See Android test case https:/…
-
See Android test case https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05e-testing-cryptography#testing-key-management
-
Noticed that in https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06f-Testing-Local-Authentication.md a reference to the OWASP MASVS is incorrect:
V4.8: "Biometric authentication, if any, …
-
I just realised that we didn't describe MASVS 7.8 "In unmanaged code, memory is allocated, freed and used securely." in either the Android or iOS section of the MSTG.
I would propose to remove 7.…
-
**Platform:**
iOS, Android
**Description:**
A user should be instructed on:
- Privacy (Europe: GDPR: consent, privacy, etc.; EULA, etc.)
- Sharing devices and fingerprints
- Having a lockscreen
…
-
Hi @coky-t! Given your hard work on the translation of the MASVS & MSTG, I'd like to get in touch with you. Are you on OWASP Slack? Otherwise, can you mail me at jeroen.willemsen@owasp.org?
-
MASVS 6.6 WebViews are configured to allow only the minimum set of protocol handlers required (ideally, only https is supported). Potentially dangerous handlers, such as file, tel and app-id, are disa…
-
It is described as CC BY-SA 3.0 in README.md and LICENSE file.
But in the text of 0x02-Frontispiece.md it is described as CC BY-SA 4.0.
And in the image of 0x02-Frontispiece.md it is described as C…
-
Hi @coky-t! Given your hard work on the translation of the MASVS & MSTG, I'd like to get in touch with you. Are you on OWASP Slack? Otherwise, can you mail me at jeroen.willemsen@owasp.org?