OWASP / owasp-masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Environment Section - Merge 6.6 and 6.8 #83

Closed sushi2k closed 7 years ago

sushi2k commented 7 years ago

I am just starting with the environment section to create the test case in the MSTG and think we should merge the following requirements:

6.6 JavaScript is disabled in WebViews unless explicitly required.

6.8 If JavaScript is required in a WebView, the WebView is restricted to a specific URL, and no unfiltered user input is rendered in the WebView.

6.8 describes a recommendation that can be listed as part of the remediation section in the test case of 6.6, but I doubt that 6.8 should be a test case on its own. The whole test case will be the same as for 6.6; therefore I think we should delete 6.8.

Any objection?

muellerberndt commented 7 years ago

No objection from me :)

sushi2k commented 7 years ago

Updated in MASVS and MSTG