v1.7.0

Latest
@github-actions github-actions released this 31 Oct 08:36
· 57 commits to master since this release
7172dfa

MASTG Refactor Part 2: Techniques, Tools & Reference Apps

This release introduces the second phase of the MASTG (Mobile Application Security Testing Guide) refactor. These changes aim to enhance the usability and accessibility of the MASTG.

The primary focus of this new refactor is the reorganization of the MASTG content into different components, each housed in its own dedicated section/folder and now existing as individual pages on our website (markdown files with metadata/frontmatter in GitHub).

NOTE: You may find broken links on the website and in the PDF/eBook. This is a consequence of these massive changes and we expect to be able to fix them soon.

  • Tests:
    • Website: Tests section.
    • GitHub: tests/ folder.
    • Identified by IDs in the format MASTG-TEST-XXXX.
    • Includes all tests originally in:
      • 0x05d/0x06d-Testing-Data-Storage.md
      • 0x05e/0x06e-Testing-Cryptography.md
      • 0x05f/0x06f-Testing-Local-Authentication.md
      • 0x05g/0x06g-Testing-Network-Communication.md
      • 0x05h/0x06h-Testing-Platform-Interaction.md
      • 0x05i/0x06i-Testing-Code-Quality-and-Build-Settings.md
      • 0x05j/0x06j-Testing-Resiliency-Against-Reverse-Engineering.md
    • ⚠️ IMPORTANT (TODO): These tests are still the original MASTG v1.6.0 tests. We will progressively split them into smaller tests, the so-called "atomic tests" in MASTG v2 and assign the new MAS profiles accordingly.
  • Techniques:
    • Website: Techniques section.
    • GitHub: techniques/ folder.
    • Identified by IDs in the format MASTG-TECH-XXXX.
    • Includes all techniques originally in:
      • 0x05b/0x06b-Basic-Security_Testing.md
      • 0x05c/0x06c-Reverse-Engineering-and-Tampering.md
  • Tools:
    • Website: Tools section.
    • GitHub: tools/ folder.
    • Identified by IDs in the format MASTG-TOOL-XXXX.
    • Includes all tools from:
      • 0x08a-Testing-Tools.md
  • Apps:
    • Website: Apps section.
    • GitHub: apps/ folder.
    • Identified by IDs in the format MASTG-APP-XXXX.
    • Includes all apps from:
      • 0x08b-Reference-Apps.md

We hope that the revamped structure enables you to navigate the MASTG more efficiently and access the information you need with ease. See below for a detailed list of changes.

We'd like to thank all of our loyal contributors and welcome our new contributors.

Special thanks to NowSecure for their consistent high-impact contributions to the project, especially for this new OWASP MASTG refactoring phase and for continuing to spread the word about the OWASP MAS project.

We'd also like to thank our new MAS Advocate applicants for waiting patiently while we get everything ready behind the scenes for them to help us efficiently.

💙 Thanks to Zimperium for their generous donation!


Carlos Holguera, Sven Schleier and Jeroen Beckers - OWASP MAS project


NOTE: the OWASP MASTG v1.7.0 relies on the latest MASVS v2.0.0

Help us improve! questions | ideas | contact


What's Changed

📢 News

🧪 MASTG Test Cases

📖 MASTG Testing Fundamentals

✨ MASTG Testing Techniques

🪄 MASTG Testing Tools

  • Replace Passionfruit with Grapefruit by @lihter in #2451
  • Update r2frida guide examples to use : instead of \ for command start by @Shiva953 in #2450

📜 Mobile Security Checklists

🎉 New Donators

Other Changes

New Contributors

Full Changelog: v1.6.0...v1.7.0