Hi all,

The OWASP MSTG is currently about 50% done. If things continue as planned we're going to end up with a 700+ page book, even surpassing the web testing guide. Our goal is to produce something with the quality of a published tech book, but some of the content isn't quite there yet. Therefore, we now need to start signing on technical editors / proofreaders (preferably native English speakers) who work through the content and make improvements.

Besides the review tasks, there's also quite a lot of content still missing, especially on the iOS side, as well as the high-level security testing methodologies (somehow nobody wants to do this ☺). We'll happily welcome volunteers that want to take on these or other topics!

Note that we'll also have a 5-day mobile app security track and working session at the OWASP Summit in London! I'll send out a more detailed description of that later.

To join the project, please have a look at the README in our GitHub repo, and contact us directly on Slack (instructions for that are in the README as well):

Cheers,

Bernhard

Bernhard Mueller | @muellerberndt
Project Leader, OWASP Mobile Security Testing Guide
Hi Andrew,

That's awesome! I'm going to post my answer to the list as well, hopefully it also helps others to get started:

- There's a lot of things you could pick up - in the best-case scenario being that you'd take over a whole chapter and start filling in missing content. Some sections that need urgent attention are:

  o High-level testing methodology. Setting up a security test, security testing steps, risk assessment, reporting, and so on. There's some stuff there, but it's incomplete and not well-structured:
  o Many of the test cases on iOS, such as "Testing Platform Interaction" and "Testing Code Quality and Build Settings". Not much content there yet besides headings.
  o iOS reversing tutorials: Not a lot of content there yet compared to the Android chapter.

- If you go through the existing content, you'll see a lot of opportunities to add or improve content. In principle, you can pick up anything, as there's not a lot of people working on stuff anyway. Simply make an announcement on the Slack channel and/or ping Sushi2k or me. The Gitbook offers the most convenient way of browsing the guide.

- We're doing our best to manage tasks on the project dashboard. Items that need help have a green "help wanted" tag. You can also pick any of those. Many of them are micro-tasks, which is useful if you only have a couple of hours to invest. Open the issue and search the repo for the associated TODO tag, e.g. "develop content on 'Testing WebView Protocol Handlers'".

- On the project dashboard, you'll also see tasks listed as "ready for review" (first quality gate) and "ready for final proofreading and technical editing" (second quality gate). For those, you can comment on the existing content or do pull requests (the preferred way).

- More details regarding contributions, authoring credit, and other topics can be found in the README.

Anyway, if there's any questions, you can always contact us on the #project-mobile-omtg Slack channel. Thanks!

Cheers,

Bernhard

From: Andrew van der Stock <vand...@gmail.com>
Date: Sunday, May 21, 2017 at 2:28 PM
To: Bernhard Mueller <bernhard...@owasp.org>, <owasp-mobile...@owasp.org>
Subject: Re: The OWASP Mobile Security Testing Guide Needs Authors, Reviewers and Editors

Hi Bernhard,

Let me know what you need, and I will have a go at doing it. I'm currently doing some mobile secure code reviews for Android and iOS, so I can work on those if you want.

thanks,
Andrew
From: Bernhard Mueller <bernhard...@owasp.org>
Date: Sun May 21 2017 15:21:15 GMT+1000 (AUS Eastern Standard Time)
To: owasp-mobile...@owasp.org <owasp-mobile...@owasp.org>
Subject: The OWASP Mobile Security Testing Guide Needs Authors, Reviewers and Editors

Hi all,

The OWASP MSTG is currently about 50% done. If things continue as planned we're going to end up with a 700+ page book, even surpassing the web testing guide. Our goal is to produce something with the quality of a published tech book, but some of the content isn't quite there yet. Therefore, we now need to start signing on technical editors / proofreaders (preferably native English speakers) who work through the content and make improvements.

Besides the review tasks, there's also quite a lot of content still missing, especially on the iOS side, as well as the high-level security testing methodologies (somehow nobody wants to do this ☺). We'll happily welcome volunteers that want to take on these or other topics!

Note that we'll also have a 5-day mobile app security track and working session at the OWASP Summit in London! I'll send out a more detailed description of that later.

To join the project, please have a look at the README in our GitHub repo, and contact us directly on Slack (instructions for that are in the README as well):

Cheers,

Bernhard

Bernhard Mueller | @muellerberndt
Project Leader, OWASP Mobile Security Testing Guide