OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

0x5j - Duplicate "Testing Root Detection" section (with 0x5h) #232

Closed romualdszkudlarek closed 6 years ago

romualdszkudlarek commented 7 years ago

Both 0x5j and 0x5h contain a "Testing Root Detection" section. Should we remove one of them? Or rename one of them? Change the purpose of one?

sushi2k commented 7 years ago

They have different purposes. The root detection section in 0x05h checks whether root detection is present and implemented in the mobile app as part of the MASVS requirement. The root detection section in 0x05j goes further and checks whether two or more independent root detection mechanisms are present, to be more resilient against reverse engineering. But the chapters need to be aligned more, to point this out properly. Thanks for sharing.

muellerberndt commented 7 years ago

Hey Sushi2k, I had the same concern recently and eliminated some of the duplicate chapters. It just doesn't make sense when looking at the MSTG standalone to address the exact same topic twice. I have written about handling root detection in detail in 0x05j. If no concerns I will remove the section in 0x05h - we can link both checklist items to 0x05j?

sushi2k commented 7 years ago

Yes. I looked again at the chapters and the best would be to do it like this. Just reference to 0x05j