MASVS 7.2 is missing for iOS - Githubissues

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

https://mas.owasp.org/

Creative Commons Attribution Share Alike 4.0 International

11.74k stars 2.32k forks source link

MASVS 7.2 is missing for iOS #929

Closed sushi2k closed 5 years ago

sushi2k commented 6 years ago

MASVS 7.2: The app has been built in release mode, with settings appropriate for a release build (e.g. non-debuggable).

See Android Test Case: https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/code-quality-and-build-settings-for-android-apps#determining-whether-the-app-is-debuggable

sushi2k commented 6 years ago

Hi @shwetajoshi26. Any update on this ticket?

commjoen commented 6 years ago

@shwetajoshi26 any updates?

commjoen commented 5 years ago

The app should have:

[x] - recommended compiler settings enabled (Stack canary, ASLR, etc.)
[x] - not be debuggable,
[x] - have the right signing settings in Xcode
[x] - no logging
[ ] - no security controls disabled by means of macros

romualdszkudlarek commented 5 years ago

@sushi2k I've just initiated a proposal (PR #1086 ). Feel free to develop it :-)

commjoen commented 5 years ago

Merged it to OWASP:929/debugging and will continue there today