Closed rockhoppersec closed 7 months ago
Great piece of feedback, @rockhoppersec! I can see how there would be confusion for these test case objectives. Changing the title might be more inclusive, so I think your suggested solution works.
Somewhat related to these test cases: do we have an objective that analyzes compiled binaries' build flags for PIE/ASLR, NX, etc. that aid in decompilation strategies for reversing?
Changed the title in https://github.com/OWASP/owasp-istg/commit/a041dc6035ddbcb799a83533a0e8a09506fa1f12.
Regarding the build flags, I think this is beyond the current level of detail. However, we should keep it in mind for later, more detailed versions of the ISTG.
I received feedback regarding the test case "Disclosure of Source Code" (IOT-MEM-INFO-001, IOT-FW-INFO-001). It might be confusing that only source code is mentioned in the title while the section "Test Objectives" also refers to binary files.
Suggested solution: Change the title to better reflect the test objectives, e.g., "Disclosure of Source Code and Binaries".
@scriptingxss: What's your opinion on this matter?