OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International
11.66k stars · 2.3k forks

Add MSTG-RESILIENCE-7 and MSTG-RESILIENCE-8 #1113

Open commjoen opened 5 years ago

commjoen commented 5 years ago

Add 8.7 and 8.8 for Android and iOS: show how you can delay the attacker or report tampering to the backend as a response to detected tampering.

8.7: The app implements multiple mechanisms in each defense category (8.1 to 8.6). Note that resiliency scales with the amount, diversity of the originality of the mechanisms used.

8.8: The detection mechanisms trigger responses of different types, including delayed and stealthy responses.
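
A sketch of what delayed and stealthy tamper responses (8.8) and the multiple-mechanisms-per-category check (8.7) look like in code, added here as an illustration and not part of the MASTG or this issue; the backend reporter callback, the tick-based heartbeat scheduler and the feature names are assumptions:

```python
from dataclasses import dataclass

# MASVS resilience categories 8.1 to 8.6 that 8.7 requires coverage for
CATEGORIES = ("8.1", "8.2", "8.3", "8.4", "8.5", "8.6")


@dataclass
class Detection:
    category: str   # which of 8.1 to 8.6 the mechanism belongs to
    mechanism: str  # name of the check that fired (constructed names in tests)
    tick: int       # app heartbeat count when it fired (assumed unit)


def meets_8_7(mechanisms: dict) -> bool:
    """8.7: at least two distinct mechanisms in every defense category."""
    return all(len(set(mechanisms.get(c, ()))) >= 2 for c in CATEGORIES)


class TamperResponder:
    """8.8: answer a detection with a stealthy and a delayed response rather
    than an immediate, easily correlated crash or exit."""

    def __init__(self, report, delay_ticks=20):
        self.report = report            # assumed backend reporter callback
        self.delay_ticks = delay_ticks  # how long the visible response waits
        self.detections = []
        self.disabled_features = set()
        self.exit_at = None

    def on_detection(self, d: Detection):
        self.detections.append(d)
        # stealthy: tell the backend, nothing visible changes for the user
        self.report({"category": d.category, "mechanism": d.mechanism})
        # stealthy: silently degrade a sensitive feature instead of exiting
        self.disabled_features.add("payments")
        # delayed: schedule the hard response far from the check that fired,
        # so cause and effect are harder to correlate when reversing the app
        if self.exit_at is None:
            self.exit_at = d.tick + self.delay_ticks

    def heartbeat(self, tick: int) -> str:
        """Called on every app heartbeat; returns the action to take now."""
        if self.exit_at is not None and tick >= self.exit_at:
            return "terminate"
        return "continue"
```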

sushi2k commented 5 years ago

I guess it would make sense to mention SafetyNet for Android as one mechanism that could be used to achieve this (report tampering): https://developer.android.com/training/safetynet/

commjoen commented 5 years ago

True :)