OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Extend MSTG on connectivity remarks #1493

Closed commjoen closed 2 years ago

commjoen commented 5 years ago

Based on https://github.com/OWASP/owasp-masvs/issues/132, we should have an MSTG-ARCH-3 testcase with an explanation of the risks of Bluetooth/NFC/etc. and a reference to the testcase for payload encryption MSTG-MSTG‑RESILIENCE‑13.

commjoen commented 5 years ago

See https://github.com/OWASP/owasp-mstg/issues/1494

cpholguera commented 2 years ago

We considered this as part of MASVS-NETWORK, and the ioXt standard will take care of this, building on top of the MASVS.