The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
When creating the corresponding tests, use the following areas to guide you:
Insufficient Key Length
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Description
Create a new risk for "Weak Cryptographic Key Generation (MASVS-CRYPTO-2)" using the following information:
e.g. 1024-bit RSA keys, 128-bit AES keys, 160-bit ECDSA keys, 80-bit symmetric keys
Create "risks/MASVS-CRYPTO/2-***-****/weak-crypto-key-generation/risk.md" including the following content:
To complete the sections, follow the guidelines from Writing MASTG Risks & Tests.
Use at least the following references:
Acceptance Criteria
risks/MASVS-CRYPTO/2-***-****/weak-crypto-key-generation/risk.md