OWASP MSTG - #8 Status Update 17.08.2016

Sven Schleier

Aug 17, 2016, 2:01:08 AM
to owasp-mobile...@owasp.org

Hi everyone,

welcome to the eighth OWASP Mobile Security Testing Guide (MSTG) development update! Let’s summarize the efforts of the last weeks.

As you have noticed, the updates are getting less frequent, and I will now send updates once in a while when things are changing or something should be announced.

I tried to reach out to all authors and reviewers in the last weeks and some answers are still pending, but things are moving and we are getting more and more great content. As a gentle reminder, please try to create content for the guide if you volunteered as author and please also get in touch directly with the reviewer once you have a first draft. If you cannot find the mail address to a contact, please reach out to me, I can set you up. For reviewers, please start the review once the content is set to "Ready for review".

Also if you know you have no time in the next weeks/months or you changed your mind, please also delete your name out of the project plan so others can contribute.

Another important thing is that the project plan is mapped to the structure of the Testing Guide. So please be careful when moving content and giving it new headlines or changing the structure. Please reach out to me or Bernhard if you plan changes like this, so the project plan is not out-of-sync with the Testing Guide.

For the following content/test cases a draft is now ready, but at the moment reviewers are missing that are actually reviewing the content:
  • Testing Android Apps
  • Testing for Sensitive Data Disclosure in Local Storage (OMTG-DATAST-004) - Android
  • Testing for Sensitive Data sent to 3rd Parties (OMTG-DATAST-005) – Android
  • Testing whether Clipboard is Activated for Sensitive Fields (OMTG-DATAST-009) - Android
  • Testing for Sensitive Data in Screenshots (OMTG-DATAST-010) - Android
  • Testing for Sensitive Data in Application Snapshots (OMTG-DATAST-IOS-001) - Android
  • Testing for Known Vulnerabilities in Third-Party Components (OMTG-ENV-003) - iOS
  • Testing for Code Injection (OMTG-CODING-004) - Android
  • Testing for Removal of Metadata from Compiled Code (OMTP-ADVPROT-001) – Android

If you have time, please put your name in the review column of our project plan and start reviewing the test cases.

We had quite a few updates on the Testing Guide and here is a quick list of the authors/reviewers that have been active in the last few weeks. I only counted people who:
  •  are listed as authors or reviewers on the project plan AND
  •  have made changes to the guide (as seen in the revision history).

Active authors/reviewers:
  • Bao Le
  • David Fern
  • Marco Lancini
  • Sven Schleier
  • Anant
  • Prathan Phongthiproek
  • Julian Schütte
  • Bernhard Müller

Thanks for your support and cheers,

Sven