OWASP MSTG - #4 Weekly Status Update 04.07.2016

[Sven Schleier]

Hi everyone,

and welcome to the fourth weekly Mobile Security Testing Guide (MSTG) development update! Let’s summarize the efforts of last week.

I created last week a channel that is dedicated to the OWASP Mobile Testing Guide in the official OWASP Slack. You can reach the OWASP Slack via https://owasp.slack.com/ and the channel is #project-mobile_omtg. Besides using the mailing list, this might be another good option to discuss topics or can be a good platform for reviewers and authors to meet and discuss more efficiently on the content.

To keep things moving, I was writing last week all known authors/reviewers according to our project plan and already got many positive responses and also some new due dates, so thanks for that. If I missed anyone, please reach out to me so we can align our efforts and schedule accordingly.

One of the names in the Project Plan is "Esther", unfortunately I could not link this name to the mail addresses that have access to the documents. Therefore, can you please contact me directly as you volunteered for parts of the OWASP Mobile Testing Guide.

For the following test cases a draft is now ready, but at the moment reviewers are missing that are actually reviewing the content:

•     Testing for Sensitive Data sent to 3rd Parties (OMTG-DATAST-005) – Android
•     Testing for Code Injection (OMTG-CODING-004) - Android
•     Testing for Removal of Metadata from Compiled Code (OMTP-ADVPROT-001) – Android

If you have time, please put your name in the review column of our project plan and start review the test cases.

We had quite a few updates on the Testing Guide and here is a quick list of the authors/reviewers that have been active in the last week. I only counted people who:

• are listed as authors or reviewers on the project plan AND
• have made changes to the guide (as seen in the revision history).

Android (recently active authors/reviewers):
Anant Shrivastava
Javi Xeneize
Sven Schleier
Stephanie Vanroelens

iOS (recently active authors/reviewers):
Aaron Guzman

Let me know if I left anyone out and thank you all for your time and work.

Thanks and cheers,

Sven

[Bao Le]

Dear all,

 

Could you tell me how can I join to official owasp mobile team on Slack that mention below?

 

 

Thanks & Best Regards!

Lê Quốc Bảo

Mobile: 0915840284

Skype: whitehatpanda

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

Comment: GPGTools - https://gpgtools.org

 

mQINBFdwme4BEADiYZ9S6rcn/yCSUm9W1q7TNgY0xSKpnp5WiOUrFkotrhkaIvaf

uOCOkg8sRwoZeE2RqCPQuUT3JjvpffROC4dAiFrULW6PcmPxNuuoo5YM89CGhn0E

KNG3xLGQ1SR8uMTbcG6MNmWm/lXINjpm4mIFDJX6xD2U5wFmi+fXX5oBZTVEBeMn

qsMSio8BydwC11Cusv6CHT6WzOA4coxZCJsJOZlZFLT8XoTgbvMNaYgCsf8MmBHg

xut0uC7goX/GkDGa5Reek7fhlFHGofA7xoVqb2cB7xSPMZbzlnNe6Rgn+XTBkUmc

OMSBtHlgw9VRQrl6Z21RIHNP590mF3fKjPCj0F2MAaIc75R2wPbftBzJOvolTk7o

RG1FmQKFOlNN4vaI2m1SBWUE6m8mTOv2ubxJ0OMNKCXez/QQlWJxdmlPw3FU1vKt

vvyRDrA5NybhDYXSetZB3H9B1KUdPv61VMTadPQXy/s7XZMakQEdZOnSEL/0YRJ6

d0ugFCfeNFs/9hR6RnBLNrAw350154sDGmUxORmf1YvYdCqA/wTXarroXodvkXRj

RQmwBcq2rrb41+M1SXR1RClA191hvo4RK7dXsBBCtPDOCKzJdKi9gGOXysP8hTSG

wmQdYaHzu1FCqtTqAif2uZ47P6PGPKqf4Nlph5G/bo1esx90AruIpHGpjQARAQAB

tBpMRSBRVU9DIEJBTyA8YmFvbHFAaHB0LnZuPokCPQQTAQoAJwUCV3CZ7gIbAwUJ

B4YfgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAHcXinztrcGbqSD/9M0Ufe

4FeVjm3yy8xU6J9K/Dq31otqVYc0qy+4TruLNn2IfXXCtN4qZ5B3/NLwYI8D2sdc

6yOX5bU9/F7wiTiv0k9hBX0n4xWEzJaz92QrG6SWSqCP2NFJL+tpW7hSAGRLnuxI

1oUR7boMJdbWgcig1+1XQfuncCOfACzeEEG13Hh32dx5xjuCn9pPI537AM5oAUwo

+sowH/Fux/aOjgRXd9+9yZRNmp0qGBtw9a95VOj2iRHZnP9ahc4O4fZri6sGhfv8

WisKDEQ9zt7m/YVTGjbTTDD1vElbSJ3bs/tHCHZTP5m+VgQJArLPwwC7XZ6ZTCY4

u8GwC6D1xLfd/MDOKtpdxxDN35Mt22NKP/RIJrfBQRFk0Ngi2N1LleqrinVWSguj

gRBd2qL//ucogvHgQEJ4mZZFWz+/+yMDJU0NqyOLv1dLHLDISEpK8jhuau2ji+Aq

jwHQEHd2FxauGjUYcdXno1c3/eDFUuSABtjYXLGeNtx5E5CxGUucUurhzNiKEX/7

0N1ZKFFYtmNDHXxIOB9OFKYulvv3KEauDTpqFVz4CBDHBq7azmn7nkOo8DbEgjgT

9Y1z/LXkNp7q21NVG4jASQZRxMA1DmoAC/LCOZ9zM624HrHsYIi11v7aQ+z6Nc51

yhqjUi76lK65yJigrv70sfmBBg+M5O8ZexYACLkCDQRXcJnuARAAveRCIlWWqbIX

5SxYHqSYQH1NqcbRU1UPhK6a1OOI25ojtzi1WvMfNephj34//e78ZC3jsuI1Q+a8

VMtZdcoNwNCNAeX+3oeBKGrCT3j5YYhNJ2pVvaDth2c8h57Zi2MOpaUQu3C2pbtt

4tRkHmiO1y4bbYwdk+i/ydTSu+RLoivLUwexvzhvxNENScnD/Qrt2JDzVwvQpx0v

azpiFwPXrtFc6kskAVKHukM4B4C8aD+4IG9HqzBXjylLq2W8YH7kNhTT8m3COalP

WOr/1tEq5BMDaf2PtT7wK1wLROLRtB8zj8wlCafY2eE8IvMtWboEAOgDGiuqbUFz

0Mz+pH7kGSDVIANdoeADdkv3cyj4g10342/RLpLIrSgNX0HvqOYXPyYdHlDqu4S9

3LxNne0iFttZuDetC5QQkKASZU3oz6po6FUXwMBLaXd03+fxZmxcl8lmTNCMTFQu

zuNq3ThCfjX/6GR03VxEmF6p4ZIAiPmW+Ffx96Xu/Wtr2oW4BWbk+DKOqay75Yag

ZFpaf1ESSGi7y9NKNnGtnPFvd+RXnyg4/8CFT0UN9hoPpG0aT57EQcyFAaBlMmhb

NgydjmJAvm2iwyYIhtGvDtQUbgNUEZKCfqQNL/dcCXR7cMi4v//+OXjg+UIDmysR

HOnvlUao+E2GREVsVz0+p3zuNLJpXIUAEQEAAYkCJQQYAQoADwUCV3CZ7gIbDAUJ

B4YfgAAKCRAHcXinztrcGXTyD/0drNWgV8TErNstFgru1BS1byQxVrbn7/ORizjp

NpQ8vt/uZE1iXui5+ow2WXZ4aoS+9WFmhlBxBgA163Cin3GHnAdvno+NO7BKl30C

rbfGFy/YqCYJTyd70kqKxQKZSKOWjQ6cNgEtCD2eaEk9azdD6gdAWDe8GV8TmHmU

VJCseC0J5yXtRf3DY1PSHz789L/LMAyO4W4n3eyVMQJemADzQV97xRzyxsOzoKKv

/h7TEXtQVQtYlIlgkOgDA2yQcHmsRG5ftpzq6U0fuTG2pNiP5rJ3d98al3vjJcWl

PxHpSZZy0dtGO8nJRMBo+nh6tUskUFaZccJNZaaFfjO9pIR4gLADTkfUnkvYA0zr

Um971F/3xXXjLKJQ9aCmypYvqKGfBD7v/lXpMpUea0LxVx1CuYuvvZ8Eog5XWjXs

4hi32I2xTmWBIs1m6t7xaG6zMgM2YhJp1kuC9uV29KWC8sGfS5VFu/Rc2piw5yBM

uiqgK9GkhwYTwN6bP+BCift42+jJ72aq9Iuv/UQvwgHJHeh7d622p86Fjcfs8+/J

viXTijkwlepY6QbeiuPtcjnPboSl+fE3UFPHtfLgUZkNk+vFiux9+5suu3D21HSd

cxg5uwYWT/pRPvUhaFIiwqSsNwjbBqadcNVB0I5So03ds/b5qjG7ud1ojygnbF34

tedd/Q==

=7KX6

-----END PGP PUBLIC KEY BLOCK-----

--
You received this message because you are subscribed to the Google Groups "OWASP Mobile Top 10 Risks" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-mobile-top-1...@owasp.org.
For more options, visit https://groups.google.com/a/owasp.org/d/optout.

[Sven Schleier]

Hi everybody,

I did miss the link to register for the OWASP Slack channel. Here it is:

http://owasp.herokuapp.com

Thanks and cheers,

Sven