OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Review New Risk & Tests for insecure-random #2557

Open cpholguera opened 5 months ago

cpholguera commented 5 months ago

This is a preview of the new implementation of risks and tests for the MAS project.

In this issue we'd like to collect your feedback regarding:

MASVS-CRYPTO: risks/MASVS-CRYPTO/1-strong-crypto/insecure-random

Guidelines

The guidelines for writing these new components are available here and are open for feedback. Be sure to read them before providing feedback.

Risks, Tests & Examples

The file structure is as follows: risks/<masvs_category>/<masvs_control_alias>/<risk_alias>/<test_alias>/example-*/

This draft also includes 2 new components: mitigations and prerequisites. Feel free to review and provide feedback on these as well.

DISCLAIMER

This risk and test is a "preview draft", and therefore subject to change. We will be incorporating suggestions and new changes at any time until we finalize it.

How to provide feedback

Please include comments directly in this issue.

Feedback about the Guidelines is also welcome: Please include comments on the guidelines directly in the Google Doc using the "Comment" function.

cpholguera commented 4 months ago

I think we need to include this in the mappings:

mastg-v1: [MASTG-TEST-0063, MASTG-TEST-0016]