Hi all,
The OWASP MSTG is currently about 50% done. If things continue as planned we're going to end up with a 700+ page book, even surpassing the web testing guide. Our goal is to produce something with the quality of a published tech book, but some of the content isn't quite there yet. Therefore, we now need to start signing on technical editors / proofreaders (preferably native English speakers) who work through the content and make improvements.
Besides the review tasks, there's also quite a lot of content still missing, especially on the iOS side, as well as the high-level security testing methodologies (somehow nobody wants to do this ☺). We'll happily welcome volunteers that want to take on these or other topics!
Note that we'll also have a 5-day mobile app security track and working session at the OWASP Summit in London! I'll send out a more detailed description of that later.
To join the project, please have a look at the README in our GitHub repo, and contact us directly on Slack (instructions for that are in the README as well):
Cheers,
Bernhard
Bernhard Mueller | @muellerberndt
Project Leader, OWASP Mobile Security Testing Guide
Hi Andrew,
That’s awesome! I’m going to post my answer to the list as well, hopefully it also helps others to get started:
- There’s a lot of things you could pick up – the best-case scenario being that you’d take over a whole chapter and start filling in missing content. Some sections that need urgent attention are:
o High-level testing methodology. Setting up a security test, security testing steps, risk assessment, reporting, and so on. There’s some stuff there, but it’s incomplete and not well-structured:
o Many of the test cases on iOS, such as “Testing Platform Interaction” and “Testing Code Quality and Build Settings”. Not much content there yet besides headings.
o iOS reversing tutorials: Not a lot of content there yet compared to the Android chapter.
- If you go through the existing content, you’ll see a lot of opportunities to add or improve content. In principle, you can pick up anything, as there’s not a lot of people working on stuff anyway. Simply make an announcement on the Slack channel and/or ping Sushi2k or me. The Gitbook offers the most convenient way of browsing the guide.
- We’re doing our best to manage tasks on the project dashboard. Items that need help have a green “help wanted” tag. You can also pick any of those. Many of them are micro-tasks, which is useful if you only have a couple of hours to invest. Open the issue and search the repo for the associated TODO tag, e.g. ‘develop content on "Testing WebView Protocol Handlers"’.
- On the project dashboard, you’ll also see tasks listed as “ready for review” (first quality gate) and “ready for final proofreading and technical editing” (second quality gate). For those, you can comment on the existing content or do pull requests (the preferred way).
- More details regarding contributions, authoring credit, and other topics can be found in the README.
Anyway, if there’s any questions, you can always contact us on the #project-mobile-omtg Slack channel. Thanks!
Cheers,
Bernhard
From: Andrew van der Stock <vand...@gmail.com>
Date: Sunday, May 21, 2017 at 2:28 PM
To: Bernhard Mueller <bernhard...@owasp.org>, <owasp-mobile...@owasp.org>
Subject: Re: The OWASP Mobile Security Testing Guide Needs Authors, Reviewers and Editors
Hi Bernhard,
Let me know what you need, and I will have a go at doing it. I'm currently doing some mobile secure code reviews for Android and iOS, so I can work on those if you want.
thanks,
Andrew
From: Bernhard Mueller <bernhard...@owasp.org>
Date: Sun May 21 2017 15:21:15 GMT+1000 (AUS Eastern Standard Time)
To: owasp-mobile...@owasp.org <owasp-mobile...@owasp.org>
Subject: The OWASP Mobile Security Testing Guide Needs Authors, Reviewers and Editors
Hi all,
The OWASP MSTG is currently about 50% done. If things continue as planned we're going to end up with a 700+ page book, even surpassing the web testing guide. Our goal is to produce something with the quality of a published tech book, but some of the content isn't quite there yet. Therefore, we now need to start signing on technical editors / proofreaders (preferably native English speakers) who work through the content and make improvements.
Besides the review tasks, there's also quite a lot of content still missing, especially on the iOS side, as well as the high-level security testing methodologies (somehow nobody wants to do this ☺). We'll happily welcome volunteers that want to take on these or other topics!
Note that we'll also have a 5-day mobile app security track and working session at the OWASP Summit in London! I'll send out a more detailed description of that later.
To join the project, please have a look at the README in our GitHub repo, and contact us directly on Slack (instructions for that are in the README as well):
Cheers,
Bernhard
Bernhard Mueller | @muellerberndt
Project Leader, OWASP Mobile Security Testing Guide