The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Originally posted by **sohsatoh** October 21, 2022
Currently, the static analysis section of MSTG-CODE-2 for iOS only describes methods for those who have access to the source code.
However, there is a way to check that `get-task-allow` is true in the entitlement using ldid.
https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues?language=objc
Any thoughts on adding this to the Static Analysis section?
(I wasn't sure whether I could submit a pull request directly, so I posted here.)
Discussed in https://github.com/OWASP/owasp-mastg/discussions/2294
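
The check proposed in this thread, as an added example that is not part of the original post or of the MASTG: it parses an entitlements dump (for instance the XML printed by `ldid -e <binary>`) and reports whether `get-task-allow` is true. The sample plists are constructed, and the handling of several plist documents back to back (one per architecture slice) is an assumption about the dump format.

```python
import plistlib
import re
import sys

# Constructed sample, not real tool output: an entitlements dump for a
# two-slice binary, assumed here to be two plist documents back to back.
SAMPLE_DEBUG = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>TEAMID0000.com.example.app</string>
    <key>get-task-allow</key>
    <true/>
</dict>
</plist>
""" * 2

# Same dump with the flag turned off, as expected for a release build.
SAMPLE_RELEASE = SAMPLE_DEBUG.replace(b"<true/>", b"<false/>")

# Matches each <plist>...</plist> document, ignoring XML/DOCTYPE preambles.
PLIST_DOC = re.compile(rb"<plist\b.*?</plist>", re.DOTALL)


def entitlement_dicts(dump: bytes) -> list:
    """Parse every plist document found in an entitlements dump."""
    docs = []
    for match in PLIST_DOC.finditer(dump):
        parsed = plistlib.loads(match.group(0), fmt=plistlib.FMT_XML)
        if isinstance(parsed, dict):
            docs.append(parsed)
    return docs


def is_debuggable(dump: bytes) -> bool:
    """True if any slice's entitlements set get-task-allow to boolean true."""
    # 'is True' rejects a string "true" or a missing key; only <true/> counts.
    return any(d.get("get-task-allow") is True for d in entitlement_dicts(dump))


if __name__ == "__main__":
    # Usage (assumed): ldid -e Payload/App.app/App | python3 check_gta.py
    data = sys.stdin.buffer.read()
    print("get-task-allow is true" if is_debuggable(data) else "get-task-allow not set to true")
```

A binary with no entitlements at all produces an empty dump, which this reports as not debuggable.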