Add Passkeys - Githubissues

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Creative Commons Attribution Share Alike 4.0 International

11.78k stars 2.34k forks source link

Add theory for passkeys to https://github.com/OWASP/owasp-mastg/blob/master/Document/0x04e-Testing-Authentication-and-Session-Management.md

https://android-developers.googleblog.com/2022/10/bringing-passkeys-to-android-and-chrome.html
https://developer.apple.com/passkeys/

Answer in this ticket:

what are the risks that an app is protecting against when using passkeys? Maybe this can become a recommended mitigation for those risks. Right now in the proposal we have one test (Passwordless Authentication Not Implemented) for this.
what are the potential risks when using passkeys. What are the tests we could write to address those risks?

OWASP / owasp-mastg

Add Passkeys #2283