search

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International
11.8k stars 2.34k forks source link

[MASWE-0006] Sensitive Data Stored Unencrypted in Private Storage Locations #2544

Closed cpholguera closed 4 months ago

cpholguera commented 9 months ago

Description

Create a new risk for "Sensitive Data Stored Unencrypted in Private Storage Locations (MASVS-STORAGE-1)" using the following information:

Sensitive data may be stored in internal locations without encryption and may be accessible to other apps under certain conditions.

Create "risks/MASVS-STORAGE/1-***-****/data-unencrypted-private-storage/risk.md" including the following content:

---
title: Sensitive Data Stored Unencrypted in Private Storage Locations
alias: data-unencrypted-private-storage
platform: [android, ios]
profiles: [L2]
mappings:
  masvs-v1: [MSTG-STORAGE-2]
  masvs-v2: [MASVS-STORAGE-1, MASVS-CRYPTO-2]
  mastg-v1: [MASTG-TEST-0052, MASTG-TEST-0001]

---

## Overview

## Impact

## Modes of Introduction

## Mitigations

To complete the sections follow the guidelines from Writing MASTG Risks & Tests

When creating the corresponding tests, use the following areas to guide you:

MASTG v1 Refactoring:

If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.

Acceptance Criteria

cpholguera commented 9 months ago

Assign to @thomascannon

cpholguera commented 9 months ago

Hi @thomascannon, I think this PR was automatically closed because the target branch doesn't exist anymore. Sorry about that. Could you please reopen it targeting master? Thank you!