Status Update


alza...@gmail.com

Nov 17, 2016, 8:58:14 PM
to OWASP Mobile Top 10 Risks
Hi everybody,
welcome to the ninth OWASP Mobile Security Testing Guide (MSTG) development update! Let’s summarize the efforts of the last weeks.
I finally had time to put some content in the OWASP Wiki for the Hacking Playground, which is now an official OWASP project. Have a look and let me know what you think, feedback is highly appreciated:
https://www.owasp.org/index.php?title=OWASP_OMTG_Hacking_Playground
Source code is available on GitHub:
https://github.com/OWASP/OMTG-Hacking-Playground
If you have broken/vulnerable Android or iOS Apps that you can share, we can also collect them here so it really gets a mobile hacking playground. The project goal is to have an Android App (which I already started) and iOS App that maps to the test cases of the OMTG.
For the following content/test cases a draft is now ready, but at the moment reviewers are missing that are actually reviewing the content:
* Testing Android Apps - Static Analysis
* Testing for Sensitive Data Disclosure in Local Storage (OMTG-DATAST-004) - Android
* Testing for Sensitive Data sent to 3rd Parties (OMTG-DATAST-005) - Android
* Testing whether Clipboard is Activated for Sensitive Fields (OMTG-DATAST-009) - Android
* Testing for Sensitive Data in Screenshots (OMTG-DATAST-010) - Android
* Testing for Sensitive Data in Application Snapshots (OMTG-DATAST-IOS-001) - Android
* Testing for Hardcoded Secrets (OMTG-CRYPTO-001) - iOS
* Testing for Known Vulnerabilities in Third-Party Components (OMTG-ENV-003) - iOS
* Testing for Code Injection (OMTG-CODING-004) - Android
* Testing for Removal of Metadata from Compiled Code (OMTP-ADVPROT-001) - Android
If you have time, please put your name in the review column of our project plan and start reviewing the test cases.
We had quite a few updates on the Testing Guide and here is a quick list of the authors/reviewers that have been active in the last few weeks. I only counted people who:
* are listed as authors or reviewers on the project plan AND
* have made changes to the guide (as seen in the revision history).
Active authors/reviewers:
* Bernhard Müller
* Pragati Singh
* Dennis Titze
* Alvaro Zamora
* Javi
* David Fern

Thanks for your support and cheers,
Alvaro Zamora /net9969/

Bernhard Mueller

Nov 17, 2016, 11:53:51 PM
to alza...@gmail.com, OWASP Mobile Top 10 Risks
Hi Alvaro Zamora,

You just re-posted an old email from Sven, putting your own name under it. Why?

https://groups.google.com/a/owasp.org/forum/#!topic/owasp-mobile-top-10-risks/OLJ9Y92wiYI