OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

"Basic Security Testing / Reverse Engineering and Tampering" Chapters Restructuring #970

Closed cpholguera closed 5 years ago

cpholguera commented 6 years ago

As I was reviewing the chapters on Android and iOS Basic Security Testing / Reverse Engineering and Tampering (0x5b/5c and 0x6b/6c), I found that sometimes they are a bit mixed-up. In addition, if you read one and then go to the other you will find a completely different structure.


Of course the way we perform the testing on the different platforms is completely different but at the end, what we want to do is the same. The proposed unified structure for both chapters should:

At the end, as a mobile security tester, I normally want to do the same: work on a device with root access, get a shell, install apps, reverse apps, patch, debug, inject code, trace/dump stuff, access files, ...

Based on all of the previous points I have crafted the structure as a first draft that I would like to discuss with you. This could be implemented in several steps / tickets one per chapter, that would re-structure and re-organize them keeping all the current content, removing duplicates and adding the new stuff.

Here are the proposed outlines for the four chapters:

0x5b/6b Basic Security Testing

Setting up a Testing Environment

Host Device

Testing Device

Real Device vs Emulator
Getting Privileged Access
Recommended Setup

Basic Testing Operations

Accessing the Device Shell

On-device Shell App
Remote Shell

Information Gathering

Installed Apps
App Basic Information
Permissions
Native Libs
...
Accessing App Data (what to expect, where, sandbox structure)
Monitoring System Logs

Obtaining and Extracting Apps

App Store
App Decryption (iOS only)
App Thinning (iOS only)
Recovering the App Package from the Device
From Rooted / Jailbroken Devices
From Non-Rooted / Non-Jailbroken Devices

Installing Apps

Host-Device Data Transfer

0x5c/6c Reverse Engineering and Tampering

Reverse Engineering

Disassembling and Decompiling

Tooling (radare2, IDA, Hopper, Bin. Ninja)
Java / Objective-C and Swift
Native Libraries

Static Analysis

Manual (Reversed) Code Review

Java / Objective-C and Swift
Native Libraries

Basic Information Gathering

Strings
Call Diagrams and Cross References
API Usage (Bluetooth, NFC, Crypto ...) -> just refer to 0x05d-j/0x06d-j
Check Secure Connections (HTTPS, TLS, cert. pinning, ATS) -> just refer to 0x05g/0x06g

Automatic Code Analysis

Dynamic Analysis

Basic Information Gathering

Opened Files
Opened Connections
Loaded Native Libraries
Sandbox Inspection (Files and Permissions)

Debugging

Debugging Release Apps
Debugging Native Libraries

Dynamic Analysis on Non-Rooted/Non-Jailbroken Devices

Tracing

Execution Tracing (calls)
Method Tracing (parameters and returns)
Native Libraries Tracing

Emulation-based Analysis (Android only)

Binary Analysis

Angr
Symbolic Execution

Tampering and Runtime Instrumentation

Patching

Patching Release Apps
Patching Native Libraries

Re-Packaging

Library Injection

Re-Signing

Dynamic Instrumentation

Tooling (Xposed (Android only), Frida)
Information Gathering
Getting Loaded Libraries
Getting Loaded Classes and their Methods
Getting Runtime Dependencies
Method Hooking
Process Exploration (r2frida)
Memory Maps and Inspection
In-Memory Search
Memory Dump
Runtime Reverse Engineering

OS-specific customization (Android only)

Customizing the RAMDisk

Customizing the Android Kernel

Booting the Custom Environment

System Call Hooking with Kernel Modules

commjoen commented 6 years ago

Thank you for the wonderful description of the issue! Is it ok if we can have a call first about it? Because changing the structure is quite impactful at this point in time.

commjoen commented 5 years ago

Scheduled to be taken care of during the OSS2019! https://open-security-summit.org/working-sessions/mobile/restructure/

commjoen commented 5 years ago

Don't forget to update the excel after this :)

TheDauntless commented 5 years ago

Will we move to make a direct link between MASVS and MSTG? Just like ASVS and the security testing guide?

For a very large part of the content, this would make good sense.

commjoen commented 5 years ago

I think having direct links (excel file? and masvs?) will make sense. Moreover, some of the stuff is still OS-dependent, while it might make more sense to say that these items can be written for both OSes as well. The challenge is still a bit for some of the content: where should it go to (for instance: the static analysis which should be moved out: where to?)

commjoen commented 5 years ago

What I think is still pretty important is to keep the restructuring as fast and as painless as possible: let's first reuse existing content and restructure BEFORE we are going to write a lot of new content :). This way other people adding content will not introduce a lot of merging conflicts.

commjoen commented 5 years ago

Can we close this?

cpholguera commented 5 years ago

We cannot close it yet. We've only covered the "Basic Security Testing" chapters on PRs #1220 and #1222. Now we still have to target the RE chapters on two new PRs.

On Fri, 31 May 2019 20:54, Jeroen Willemsen notifications@github.com wrote:

Can we close this?

TheDauntless commented 5 years ago

I'm aligning iOS and Android from a structure point of view

commjoen commented 5 years ago

@cpholguera : can we now close this issue :D ?

cpholguera commented 5 years ago

Yes! We finally made it :D

commjoen commented 5 years ago

Congratulations!!! YOU and the team worked hard on this one! Finally!!!!! Whooohoooo!