OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Inline References #590

Closed muellerberndt closed 7 years ago

muellerberndt commented 7 years ago

Convert all references to inline.

For web links:

[TEXT](URL "NAME")

For example:

The threat modeling guidelines defined by OWASP are generally applicable to mobile apps.

For books and papers:

[#NAME]

And include the full reference in the "references" section manually:

E.g.:

An obfuscated encryption algorithm can generate its key (or part of the key) using data collected from the environment [#riordan].

And under "references" at the end of the document:

TheDauntless commented 7 years ago

What about references where there's no good text to use for the link? For example:

This reveals another surface of attacks aimed at data on the way. It's possible for an attacker to sniff or even modify (MiTM attacks) unencrypted information if he controls any part of network infrastructure (e.g. a WiFi Access Point)[1].

sushi2k commented 7 years ago

In this case the reference can be removed from 0x07b-Testing-Network-Communication, as it's pointing to CWE. CWE is anyway in the reference section. Otherwise we need to find a way to get a text :-)

sushi2k commented 7 years ago

Done:

[x] Android Data Storage (https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md)
[x] Android Platform Interaction (0x05h-Testing-Platform-Interaction)
[x] iOS Testing Code Quality (0x06i-Testing-Code-Quality-and-Build-Settings)
[x] iOS Testing Resiliency (0x06j-Testing-Resiliency-Against-Reverse-Engineering)

muellerberndt commented 7 years ago

The following chapters still have old style references:

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05i-Testing-Code-Quality-and-Build-Settings.md
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06d-Testing-Data-Storage.md
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06g-Testing-Network-Communication.md
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06j-Testing-Resiliency-Against-Reverse-Engineering.md
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x07c-Testing-Cryptography.md
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x07d-Assessing-Anti-Reverse-Engineering-Schemes.md

Any volunteers? :)

sushi2k commented 7 years ago

Let's finish it up next week. I try to do one per day :-)

sushi2k commented 7 years ago

Done:

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05i-Testing-Code-Quality-and-Build-Settings.md
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06d-Testing-Data-Storage.md
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06g-Testing-Network-Communication.md

Sjord commented 7 years ago

I am working on 0x07d.

TheDauntless commented 7 years ago

I've done a few more: https://github.com/OWASP/owasp-mstg/pull/624

Which should leave:

❯ grep -ril "" ./
.//Document/0x04b-Mobile-App-Security-Testing.md
.//Document/0x04f-Testing-Network-Communication.md
.//Document/0x04g-Testing-Cryptography.md
.//Document/0x05c-Reverse-Engineering-and-Tampering.md
.//Document/0x06b-Basic-Security-Testing.md
.//Document/0x07d-Assessing-Anti-Reverse-Engineering-Schemes.md
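The two reference styles laid out at the top of the thread (inline `[TEXT](URL "NAME")` links for web sources, `[#name]` keys for books and papers) and the grep above that lists chapters still carrying old-style numbered `[1]` references can be checked with a small scanner. The script below is an added example written for this page and is not part of the owasp-mstg repository or its tooling; the sample markdown it scans is constructed from the sentences quoted in the thread, and the URL in it is a placeholder, not a real reference.

```python
"""Report reference styles in MASTG-style markdown (added example, not project code)."""
import re
from pathlib import Path

# Old style: a bare numbered reference such as "[1]" that is not followed by a
# "(" (which would make it a markdown link).
OLD_STYLE_RE = re.compile(r"\[(\d+)\](?!\()")
# Book/paper key as in the issue description: "[#riordan]".
KEY_RE = re.compile(r"\[#([A-Za-z0-9_-]+)\]")
# Inline web link: [TEXT](URL "NAME"); the quoted NAME is optional.
INLINE_RE = re.compile(r'\[([^\]]+)\]\((\S+?)(?:\s+"([^"]*)")?\)')


def scan_text(text):
    """Return the references found in `text`, grouped by style.

    "old"    -> list of (line_no, number)        e.g. (3, "1")
    "keys"   -> list of (line_no, key)           e.g. (2, "riordan")
    "inline" -> list of (line_no, text, url, name)
    """
    result = {"old": [], "keys": [], "inline": []}
    for n, line in enumerate(text.splitlines(), 1):
        for m in OLD_STYLE_RE.finditer(line):
            result["old"].append((n, m.group(1)))
        for m in KEY_RE.finditer(line):
            result["keys"].append((n, m.group(1)))
        for m in INLINE_RE.finditer(line):
            result["inline"].append((n, m.group(1), m.group(2), m.group(3)))
    return result


def files_with_old_style(root):
    """Like the grep in the thread: list .md files under `root` that still
    contain bare numbered references."""
    hits = []
    for path in sorted(Path(root).rglob("*.md")):
        if scan_text(path.read_text(encoding="utf-8"))["old"]:
            hits.append(str(path))
    return hits


# Constructed sample text modelled on the sentences quoted in the thread.
# The URL is a placeholder (assumption), not an actual MASTG reference.
SAMPLE = """\
The [threat modeling guidelines](https://example.org/threat-modeling "OWASP Threat Modeling") defined by OWASP are generally applicable to mobile apps.
An obfuscated encryption algorithm can generate its key using data collected from the environment [#riordan].
It's possible for an attacker to sniff or even modify unencrypted information [1].
"""

if __name__ == "__main__":
    found = scan_text(SAMPLE)
    print("old-style numbered references:", found["old"])
    print("bibliography keys:", found["keys"])
    print("inline links:", found["inline"])
```

Run it against a checkout with `files_with_old_style("Document")` to get the same kind of list the grep produced; `scan_text` on a single file shows which lines still need converting and which already follow the new convention.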

sushi2k commented 7 years ago

Done [x] x04f-Testing-Network-Communication

sushi2k commented 7 years ago

Doing now 0x04g-Testing-Cryptography.md

sushi2k commented 7 years ago

I just got rid of the last tags and committed the last changes. All references are now changed to inline. There are two tags left, but they are in a different context and not used for references.

Great effort. Thanks for your help @Sjord @TheDauntless 👍

muellerberndt commented 7 years ago

Awesome!