-
## Description
Create a new risk for "Hardcoded Cryptographic Keys in Use (MASVS-CRYPTO-2)" using the following information:
One thing is to include hardcoded keys in the code, another is to u…
-
## Description
Create a new risk for "Weak Hashing (MASVS-CRYPTO-1)" using the following information:
Utilizing weak hashing algorithms such as MD5 and SHA1 in a security sensitive context may com…
-
To-Do pushed to next release:
- [ ] Parse the log output in GitHub actions to detect overflows that might cause issues in the produced artefacts (PDF etc.); meaning missing line breaks (happens for e…
-
(Thanks for reporting an issue! Please make sure you click the link above to view the issue guidelines, then fill out the blanks below.)
What are the steps to reproduce this issue?
---------------…
-
Because of several issues with gitbook-cli, its status, and calibre issues, I am seeking a replacement or help with a solution which works.
The goal is:
* to enable almost everybody to build …
-
## Description
Create a new risk for "Backup Unencrypted (MASVS-STORAGE-2)" using the following information:
The app may not encrypt sensitive data in backups, which may compromise data confiden…
-
As described here: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06b-Basic-Security-Testing.md
There you find the following command:
`iPhone:~ root# socat - UNIX-CONNECT:/var/run/lo…
-
**Platform:**
iOS, Android
**Description:**
The current MSTG test cases for the screenshot on mobile devices state and restrains the screenshots for application when it is in the background. How…
-
Alright, so near the end of the program I get a lot of errors and I don't know if I downloaded it wrong or something, but here they are:
dyldmagic_64.m:38:9: warning: 'LC_SEGMENT' macro redefined [-Wma…
-
The MSTG currently deals with non-proxy aware apps using one of the two methods:
- iptables
- ARP spoofing
I performed a pentest using the DNS hosts file method explained below. The root free versi…