OWASP owasp-mastg issues

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

https://mas.owasp.org/

Creative Commons Attribution Share Alike 4.0 International

11.32k stars 2.24k forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Update Existing Demos

#2617 cpholguera opened 5 hours ago
0
Fix broken links to 0x05|6c-Reverse-Engineering-and-Tampering.md

#2616 chagemann closed 1 day ago
0
Rename examples to demos

#2615 cpholguera closed 4 days ago
0
Update drozer tooling page (MASTG-TOOL-0015.md)

#2614 cyberMilosz opened 1 week ago
0
[Tool] Add blint for SBOM

#2613 cpholguera opened 1 week ago
0
[New Tool] add ios-app-signer (by @appknox)

#2612 sk3l10x1ng closed 1 week ago
1
Remove link processing temporarily & fix md links

#2611 cpholguera closed 1 week ago
0
fix links

#2610 cpholguera closed 2 weeks ago
0
Add codesign

#2609 cpholguera closed 2 weeks ago
0
[Tool] codesign

#2608 cpholguera closed 2 weeks ago
0
Fix broken links to 0x05|6c-Reverse-Engineering-and-Tampering.md

#2607 cpholguera closed 3 days ago
1
Fix broken MASTG-TEST links

#2606 cpholguera closed 2 weeks ago
0
Create Hun

#2605 shopdrop1 closed 2 weeks ago
0
Add Risk and Test - Backup Unencrypted [backup-unencrypted]

#2604 e-a-security opened 4 weeks ago
1
Updated copyright from 2023 to 2024

#2603 nitianabhigyan closed 1 month ago
0
[Tool] ios-app-signer

#2602 sk3l10x1ng closed 1 week ago
5
Fix iOS patching technique

#2601 cpholguera closed 1 month ago
0
Added ios & android technique and tool for re-flutter (by @appknox)

#2600 sk3l10x1ng opened 1 month ago
3
Add NIST CSWP 33

#2599 cpholguera closed 1 month ago
0
[tool] Add Drozer to Android Testing Guide back

#2598 andreysanyuk opened 1 month ago
8
Add Risk and Test - Sensitive Data Stored Unencrypted in External Storage [data-unencrypted-external]

#2594 serek8 opened 2 months ago
1
Add NTLM authentication to MSTG-CRYPTO-3

#2593 ghost closed 2 weeks ago
0
[New Tool] Add reflutter tool

#2592 sk3l10x1ng opened 2 months ago
5
New Risk - Insecure Random Usage [insecure-random]

#2591 cpholguera closed 2 months ago
3
New Risk - Improper Verification of Cryptographic Signature [improper-signature-verification]

#2590 cpholguera opened 2 months ago
0
New Risk - Weak Signature [weak-signatures]

#2589 cpholguera opened 2 months ago
0
New Risk - Weak Message Authentication Codes (MAC) [weak-mac]

#2588 cpholguera opened 2 months ago
0
New Risk - Weak Padding [weak-padding]

#2587 cpholguera opened 2 months ago
0
New Risk - Predictable Initialization Vectors (IVs) [predictable-ivs]

#2586 cpholguera opened 2 months ago
0
New Risk - Weak Hashing [weak-hashing]

#2585 cpholguera opened 2 months ago
2
New Risk - Weak Encryption [weak-encryption]

#2584 cpholguera opened 2 months ago
0
New Risk - Potentially Weak Cryptography Implementations [potentially-weak-crypto-impl]

#2583 cpholguera opened 2 months ago
0
New Risk - Cryptographic Keys Access Not Restricted [crypto-key-access-not-restricted]

#2582 cpholguera opened 2 months ago
0
New Risk - Cryptographic Keys Not Properly Protected on Export [crypto-keys-not-protected-export]

#2581 cpholguera opened 2 months ago
0
New Risk - Unsafe Handling of Imported Cryptographic Keys [unsafe-imported-key-handling]

#2580 cpholguera opened 2 months ago
0
New Risk - Deprecated Android KeyStore Implementations [deprecated-keystore]

#2579 cpholguera opened 2 months ago
1
New Risk - Cryptographic Keys Not Properly Protected at Rest [crypto-keys-not-protected-at-rest]

#2578 cpholguera opened 2 months ago
0
New Risk - Hardcoded Cryptographic Keys in Use [hardcoded-crypto-keys-usage]

#2577 cpholguera opened 2 months ago
3
New Risk - Insecure or Wrong Usage of Cryptographic Key [insecure-key-usage]

#2576 cpholguera opened 2 months ago
0
New Risk - Cryptographic Key Rotation Not Implemented [no-key-rotation]

#2575 cpholguera opened 2 months ago
0
New Risk - Weak Cryptographic Key Derivation [weak-crypto-key-derivation]

#2574 cpholguera opened 2 months ago
0
New Risk - Weak Cryptographic Key Generation [weak-crypto-key-generation]

#2573 cpholguera opened 2 months ago
1
Updated L1 vs L2 recommendation for MASVS-STORAGE and internal storage

#2572 cpholguera closed 2 months ago
0
updated ssl-kill-switch from v2 to v3 (by @appknox)

#2571 ScreaMy7 closed 1 month ago
1
Updated Decrypting Realm Databases for Android (0x05d) and iOS (0x06d)

#2570 R3zk0n closed 1 week ago
1
[Bug] Broken link in MASVS-RESILIENCE/MASTG-TEST-0050.md

#2569 chagemann closed 1 day ago
9
New Test - data-unencrypted-internal/android-data-in-sandbox/test.md

#2567 thomascannon opened 2 months ago
0
Add Risk and Test - Sensitive Data Stored Unencrypted in Private Storage Locations [data-unencrypted-private-storage]

#2566 thomascannon opened 2 months ago
1
Add Risk and Test - Sensitive Data Hardcoded in the App Package [data-hardcoded-app-package]

#2565 juanmanuelmartinez-dekra opened 2 months ago
4
Set depth to 0 & add last updated to the tests table

#2564 cpholguera closed 2 months ago
4