-
In "Basic Security Testing" (Android), 'App' should be replaced with 'application' (with a lower case 'a') throughout the whole chapter.
-
Hi guys,
Here's an issue for discussion - see also [MASVS issue #75](https://github.com/OWASP/owasp-masvs/issues/75).
[OMTG-DATAST-003: Test for Sensitive Data in Cloud Storage](https://github.c…
-
The link to the MASVS GitHub repo is broken on https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide. It points to https://github.com/OWASP/owasp-mstg rather than https://github.com/OWAS…
-
I think this section is suffering from not having "sensitive data" defined. If "sensitive data" is referring to credentials only, then I guess most of the requirements make sense. If sensitive data is…
-
5.1: To me, "sensitive" here is used differently than in the rest of the standard. Take an application like WhatsApp for example. I would argue that all the text messages are sensitive enough to send …
-
This chapter is located in /Document/Testcases/0x00_OMTG-DATAST.md. From what I understood, it should be placed in the root of the /Document folder.
-
6.2 & 6.3: Sanitization isn't always necessary, so maybe it would make sense to merge 6.2 and 6.3 and say something like "All inputs from external sources are validated and if necessary sanitized. [..…
-
Hi guys, we have CWE and Top 10 references in both OWASP-DATAST and OWASP-DATAST-Android sections. Can we keep these in the generic section only to avoid redundancies?
-
Hello,
I think there is an overlap between the following testcases:
OMTG-CODE-007: Test Input Validation
OMTG-CODE-005: Test Exception Handling
I suggest that we keep only OMTG-CODE-005 be…
-
In the guide we created in Google Docs we had also references to CWE and the OWASP Mobile Top 10. I think we should continue this, to reference properly to a common vulnerability type or weakness if o…