-
Hi,
we have two test cases that both go somehow in the same direction:
- V6.6: "WebViews are configured to allow only the minimum set of protocol handlers required (ideally, only https is suppor…
-
[V4 says](https://github.com/OWASP/owasp-masvs/blob/master/Document/0x09-V4-Authentication_and_Session_Management_Requirements.md):
> 4.2. The remote endpoint uses randomly generated access tokens t…
Sjord updated
7 years ago
-
line 5: I wouldn't say "measure the security", but rather something like: "provide a standard to compare against".
line 13: "MASVS-R helps defend against specific threats when the end user is mali…
-
Hello,
I think there is an overlap between the following test cases:
OMTG-CODE-007: Test Input Validation
OMTG-CODE-005: Test Exception Handling
I suggest that we keep only OMTG-CODE-005 be…
-
Hi guys,
Here's an issue for discussion - see also [MASVS issue #75](https://github.com/OWASP/owasp-masvs/issues/75).
[OMTG-DATAST-003: Test for Sensitive Data in Cloud Storage](https://github.c…
-
I am just starting with the environment section to create the test case in the MSTG and think we should merge the following requirements:
> 6.6 JavaScript is disabled in WebViews unless explicitly …
-
In this thread I'd like to summarize some of the feedback / criticism I've received regarding how we handle software protections in the MASVS.
The general theme is that the MASVS focuses too much o…
-
line 13: "The Mobile Application Security Verification Standard can be used as an open book verification of a mobile app". Not sure I'm parsing the sentence correctly, but maybe it would be clearer to…
-
5.1: To me, "sensitive" here is used differently than in the rest of the standard. Take an application like WhatsApp for example. I would argue that all the text messages are sensitive enough to send …