The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Create a new risk for "Sensitive Data Hardcoded in the App Package (MASVS-STORAGE-1)" using the following information:
Sensitive data (including cryptographic and authentication material) can be hardcoded in the app package, source code, and compiled binary, which can be extracted by an attacker.
Create "risks/MASVS-STORAGE/1-***-****/data-hardcoded-app-package/risk.md" including the following content:
---
title: Sensitive Data Hardcoded in the App Package
alias: data-hardcoded-app-package
platform: [android, ios]
profiles: [L1, L2]
mappings:
  masvs-v2: [MASVS-STORAGE-1]
  mastg-v1: []
---
## Overview
## Impact
## Modes of Introduction
## Mitigations
When creating the corresponding tests, use the following areas to guide you:
app package (APK/IPA)
app source / compiled binary
libs
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Acceptance Criteria
[ ] The risk has been created in the correct directory (risks/MASVS-STORAGE/1-***-****/data-hardcoded-app-package/risk.md)
To complete the sections, follow the guidelines from Writing MASTG Risks & Tests.
Use at least the following references: