OWASP MSTG - Weekly Status Update 27.06.2016

[Sven Schleier]

Hi everyone,

and welcome to the third weekly Mobile Security Testing Guide (MSTG) development update!

There are a few things that need to be shared, so let’s summarize the efforts of last week.

For the following test cases a draft is now ready, but at the moment reviewers are missing that are actually reviewing the content:

• Testing for Sensitive Data Disclosure in Local Storage (OMTG-DATAST-004) - Android
  
• Testing for Sensitive Data sent to 3rd Parties (OMTG-DATAST-005) – Android
• Testing for Code Injection (OMTG-CODING-004) - Android
  
• Testing for Removal of Metadata from Compiled Code (OMTP-ADVPROT-001) – Android

If you have time, please put your name in the review column of our project plan and start review the test cases.

To give the roles in the Project Plan (Owner, Author and Reviewer) more structure, I started a definition of them. Please feel free to contribute, as this is just a first draft for now. You can find it in another Tab called "Definition of roles" in the Project Plan (https://docs.google.com/spreadsheets/d/10hmPgGLMkOz9Gx37S9hnWyyK3bPrXxIm19oelh4AND4/edit#gid=0&fvid=445206711).

We had quite a few updates on the Testing Guide and here is a quick list of the authors/reviewers that have been active in the last week. I only counted people who:

• are listed as authors or reviewers on the project plan AND
• have made changes to the guide (as seen in the revision history).

Android (recently active authors/reviewers):
Anant Shrivastava
Stephen Corbiaux
Sven Schleier

iOS (recently active authors/reviewers):
Abdessamad Temmar

Let me know if I left anyone out and thank you all for your time and work.

Thanks and cheers,

Sven