MASTG v1->v2 MASTG-TEST-0026: Testing Implicit Intents (android)

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

https://mas.owasp.org/

Creative Commons Attribution Share Alike 4.0 International

11.76k stars 2.33k forks source link

MASTG v1->v2 MASTG-TEST-0026: Testing Implicit Intents (android) #2997

Open cpholguera opened 1 week ago

cpholguera commented 1 week ago

Create a new MASTG v2 test covering for":

Title: Testing Implicit Intents
ID: MASTG-TEST-0026
Link: https://mas.owasp.org/MASTG/tests/android/MASVS-CODE/MASTG-TEST-0026/
Platform: android
MASVS v1: ['MSTG-PLATFORM-2']
MASVS v2: ['MASVS-CODE-4']

Follow the guidelines

TheDauntless commented 1 week ago

This test currently contains mostly 'testing for injection' stuff, which could be moved to https://github.com/OWASP/owasp-mastg/issues/2999, though it would have to be refactored.

There are specific issues with implicit intents, for example using them to trigger internal components, which is what this test should cover.