[MASWE-0050] New MASWE Weakness

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

https://mas.owasp.org/

Creative Commons Attribution Share Alike 4.0 International

11.8k stars 2.34k forks source link

[MASWE-0050] New MASWE Weakness #2690

Open cpholguera opened 4 months ago

cpholguera commented 4 months ago

Create a new weakness for "MASWE-0050":

GitHub Repo file: https://github.com/OWASP/owasp-mastg/blob/master/weaknesses/MASVS-NETWORK/MASWE-0050.md
Website Page: https://mas.owasp.org/MASWE/MASVS-NETWORK/MASWE-0050/

Follow the MAS guidelines

ScreaMy7 commented 1 month ago

Hi @cpholguera, I have a few doubts regarding this test case, the relevant topics suggest

cross-platform framework e.g. Flutter, Xamarin, do applications need to be built with these frameworks?
use of low-level APIs e.g. SSLSocket on Android or Network on iOS. ATS doesn't apply there. Prefer high-level API calls such as Android HttpsURLConnection/iOS URLSession. Does this refer to the use of an insecure WebSocket like ws://?

cpholguera commented 1 month ago

Hey @ScreaMy7, I was just working on a draft for this weakness this week and I just pushed the content. Please take a look and I hope you can find answers to your questions in there. Feel free to review it and add your comments or any questions you may have.

https://github.com/OWASP/owasp-mastg/pull/2919

ScreaMy7 commented 3 weeks ago

Hi @cpholguera, Thanks for the explanation. I would like to take up this testcase.

cpholguera commented 3 weeks ago

Could you please search for another test? We already have Pull Requests creating these tests. Sorry about that