OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International
11.75k stars 2.33k forks source link

[UNDER REVIEW] 0x5d Data Classification Policy - What is sensitive information? #424

Closed sushi2k closed 7 years ago

sushi2k commented 7 years ago

-- TODO: What is sensitive information? Need to be described, ideally defined by the customer (data classification policy).

sushi2k commented 7 years ago

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04-Testing-Processes-and-Techniques.md#classification-of-data

anantshri commented 7 years ago

first 2 paragraph are a bit too dense. (too many words per line), if we can do something about it then it will be good.

sushi2k commented 7 years ago

Thanks ananthshri. Just shortened the sentences. Let me know what you think.

pmilosev commented 7 years ago

I just read the section and it looks quite OK to me - short and clear. Just wondering why there is only 'data in transit' and 'data at rest' mentioned. Shouldn't there also be 'data in use' added to the list ?

AlexCline commented 7 years ago

A few suggestions for sensitive information that is commonly used in apps: