Port MASTG-TEST-0012: Testing the Device-Access-Security Policy (android) (by @guardsquare) #3113

Merged
merged 117 commits into from
Mar 7, 2025
Commits
4c4f8b4
Create a test
serek8 Jan 14, 2025
7341997
Add a deprecation note
serek8 Jan 14, 2025
d8a188f
Add a note about the moved content
serek8 Jan 14, 2025
185d8b5
Add a demo
serek8 Jan 14, 2025
c50d599
Add a test for iOS
serek8 Feb 6, 2025
b30406d
Add iOS demo
serek8 Feb 6, 2025
6a65b44
Update MASWE-0008: Change title and alias, refine description for dev…
cpholguera Feb 7, 2025
5398673
Refactor iOS test for Device Secure Lock
serek8 Mar 4, 2025
92fb9ca
Refactor iOS demo for Device Secure Lock
serek8 Mar 4, 2025
a0f7c44
Refactor Android test for Device Secure Lock
serek8 Mar 4, 2025
6efcca4
Refactor Android demo test for Device Secure Lock
serek8 Mar 4, 2025
b67d882
Move the platform version demo to another weakness
serek8 Mar 4, 2025
d88e5f7
Apply suggestions from code review
serek8 Mar 6, 2025
369aff9
Refactor the leftovers from Device-Security-Access
serek8 Mar 6, 2025
87fc529
Fix IDs and filenames
serek8 Mar 6, 2025
f4b0524
Fix demos' source code
serek8 Mar 6, 2025
34c74cb
Move testing for passcode to RESILIENCE
serek8 Mar 6, 2025
ede5e65
Apply fixes for Evaluation section
serek8 Mar 6, 2025
ad2447f
Move iOS demos to RESILIENCE
serek8 Mar 6, 2025
1675c2f
Apply suggestions from code review
serek8 Mar 6, 2025
0253e6d
Add Android dynamic demo
serek8 Mar 6, 2025
9c4f069
Add Android dynamic test
serek8 Mar 6, 2025
9c076c5
Add iOS dynamic demo
serek8 Mar 6, 2025
b9986aa
Add iOS dynamic test
serek8 Mar 6, 2025
a84e351
Add links for APIs
serek8 Mar 6, 2025
73612b8
Add deprecation note
serek8 Mar 6, 2025
704b640
Add more tests to the deprecation note
serek8 Mar 6, 2025
c2c6b69
Update tests' overview
serek8 Mar 6, 2025
ff807e7
Add Biometrics to Android demo
serek8 Mar 6, 2025
c53d040
Add MASWE-0047, MASWE-0048, MASWE-0049, MASWE-0050, MASWE-0051, MASWE…
cpholguera Jan 3, 2025
2c6b10a
Reverse Engineer Flutter Technique (#2913)
Datafarm-Research Jan 3, 2025
4d4f6a5
Update MASTG-TEST-0228.md (#3106)
barbieri-mobisec Jan 9, 2025
d08c230
Update MASTG-TOOL-0064 Sileo (by @NVISOSecurity) (#3104)
TheDauntless Jan 9, 2025
5df0870
Port MASTG-TEST-0088 (by @appknox) (#3073)
sk3l10x1ng Jan 10, 2025
858aa1b
Mark MASTG-TEST-0016 as covered by v2 (by @guardsquare) (#3026)
nmsa Jan 10, 2025
585d74c
Update MASTG-DEMO-0021.md (#3109)
cpholguera Jan 10, 2025
fce9b4a
Update MASTG-BEST-0001.md (#3110)
cpholguera Jan 10, 2025
89af608
Update ProxyDroid (by @NVISOSecurity) (#3111)
TheDauntless Jan 11, 2025
0ca637f
Fix admonition borders (by @NVISOSecurity) (#3103)
TheDauntless Jan 14, 2025
2b2c595
[MASWE-0023] Weak Padding (#2922)
jmariasantosdekra Jan 16, 2025
a2a9744
Update MASTG-BEST-0004 - Add Link to Security recommendations for bac…
cpholguera Jan 17, 2025
94173c5
Add Eydle to donators (#3122)
sushi2k Jan 20, 2025
ed965fd
Add GitHub Actions workflow to build iOS demos (#3125)
cpholguera Jan 22, 2025
5e61f3c
Fix ios demos build (#3126)
cpholguera Jan 22, 2025
9b74f24
Add MASTG-DEMO Buttons to download APK/IPA, go to folder and build (b…
cpholguera Jan 22, 2025
bbd7313
Restore partial content in MASTG-TEST-0076 and fix outline in MASTG-T…
cpholguera Jan 24, 2025
a222478
Update MASTG-TEST-0076 (minor fixes) (#3129)
cpholguera Jan 25, 2025
bb5bbc1
Update MASWE-0023 (#3116)
cpholguera Jan 30, 2025
e5485b5
Update MASWE-0012 Draft (#3131)
cpholguera Jan 30, 2025
5aa2217
Update MASWE-0058 Draft to add Ref (#3132)
cpholguera Jan 31, 2025
3f45773
[MASWE-0020] Weak Encryption (by @appknox) (#2910)
sk3l10x1ng Feb 1, 2025
bf68b92
Update build demos Workflow files (Restrict to each platform) (#3135)
cpholguera Feb 1, 2025
7e5a1c3
Fix Weak Encryption Demos (#3134)
cpholguera Feb 1, 2025
c255a2a
Update MASTG-TEST-0229 with info about False Positives (#3130)
cpholguera Feb 4, 2025
0c34a0f
Update MASWE-0112: Add note about SDKs (#3124)
cpholguera Feb 4, 2025
58e1380
Added AppSec US Talk (#3143)
sushi2k Feb 4, 2025
71f38cd
Update CWE mapping on MASWE elements of MASVS-STORAGE-2. (#3146)
truerick Feb 6, 2025
a710aac
Update all CWE IDs on MASWE elements of MASVS-STORAGE-1. (#3145)
truerick Feb 6, 2025
d6855c1
Update all CWE IDs on MASWE elements of MASVS-CRYPTO-2. (#3140)
truerick Feb 6, 2025
fe22f86
Update all CWE IDs on MASWE elements of MASVS-CRYPTO-1. (#3139)
truerick Feb 6, 2025
256bb97
Update all CWE IDs on MASWE elements of MASVS-AUTH-3. (#3138)
truerick Feb 6, 2025
38e836e
Update all CWE IDs on MASWE elements of MASVS-AUTH-1. (#3133)
poffo-mobisec Feb 6, 2025
48d86fb
Update all CWE IDs on MASWE elements of MASVS-AUTH-2. (#3137)
truerick Feb 6, 2025
7842131
Update all CWE IDs on MASWE elements of MASVS-NETOWRK-2. (#3142)
truerick Feb 6, 2025
0a5169a
Update all CWE IDs on MASWE elements of MASVS-NETWORK-1. (#3141)
truerick Feb 6, 2025
5f538d6
Update CWE mapping on MASWE elements of MASVS-PLATFORM-3. (#3144)
truerick Feb 6, 2025
6a24800
Fixed Missing Java Code in the Sample (#3147)
harshul-vaishnav Feb 8, 2025
7da0dec
Update IPA Installation Techniques and Tools (by @NVISOSecurity) (#3100)
TheDauntless Feb 11, 2025
48fea8e
Update 0x02c-Acknowledgements.md (#3153)
sushi2k Feb 13, 2025
efe899d
Add rabin2: MASTG-TOOL-0129 (#3154)
cpholguera Feb 14, 2025
3023a3f
Add MASWE-0117 - Inadequate Permission Management (#3119)
cpholguera Feb 14, 2025
2dddd32
build-android-demos.yml: simplify shell scripts and cache Android app…
javier-ruiz-b Feb 17, 2025
50f605f
Update ZAP mentions (#3169)
kingthorin Feb 20, 2025
aa8218c
Update Social Links (#3170)
cpholguera Feb 22, 2025
4bcea6e
fix: caching a demo would cause other demos to use a modified Android…
javier-ruiz-b Feb 22, 2025
d695cd3
Refactor/ios demos optimization (#3174)
javier-ruiz-b Feb 23, 2025
67c8445
Update contact.md (#3182)
cpholguera Feb 24, 2025
4d6423b
Update MITM to Machine-in-the-Middle (#3175)
sushi2k Feb 27, 2025
6921753
Clarify and add MITM Techniques (by @NowSecure) (#3184)
cpholguera Mar 4, 2025
4203642
fix: update references to Machine-in-the-Middle (MITM) (#3187)
cpholguera Mar 4, 2025
f710fc3
Port MASTG-TEST-0022: Testing Custom Certificate Stores and Certifica…
titze Mar 4, 2025
a9f5324
Fix spelling errors in specified files (#3188)
cpholguera Mar 4, 2025
9a5264d
[MASTG-TEST-0001] Add covered by MASTG-TEST-0201 and MASTG-TEST-0202 …
sydseter Mar 6, 2025
d49f349
MASTG v1->v2 MASTG-TEST-0061 Verifying the Configuration of Cryptogra…
sydseter Mar 6, 2025
2bdc59e
Move testing for passcode to RESILIENCE
serek8 Mar 6, 2025
7576cdf
Update all CWE IDs on MASWE elements of MASVS-STORAGE-1. (#3145)
truerick Feb 6, 2025
0f42e4d
Update MASWE-0008: Change title and alias, refine description for dev…
cpholguera Feb 7, 2025
b8dd5be
Move testing for passcode to RESILIENCE
serek8 Mar 6, 2025
7e9e745
Fix conflicts
serek8 Mar 6, 2025
348cd7d
remove duplicate test file
cpholguera Mar 6, 2025
9eb3d80
fix test ID MASTG-TEST-0242 to MASTG-TEST-0247
cpholguera Mar 6, 2025
7f60286
MASTG-DEMO-0026: Update policy reference formatting and clarify passc…
cpholguera Mar 6, 2025
317267e
fix test ID MASTG-TEST-0243 to MASTG-TEST-0248
cpholguera Mar 6, 2025
6473b25
fix test ID MASTG-TEST-0244 to MASTG-TEST-0249
cpholguera Mar 6, 2025
d43952d
fix demo ID MASTG-DEMO-0027
cpholguera Mar 6, 2025
57455a3
fix demo ID MASTG-DEMO-0028
cpholguera Mar 6, 2025
2cf48e2
fix demo ID MASTG-DEMO-0028 (folder)
cpholguera Mar 6, 2025
e7d73ac
fix test ID MASTG-TEST-0064 covered_by order
cpholguera Mar 6, 2025
6faea73
Enhance demo ID MASTG-DEMO-0026 to log intercepted LAContext.canEvalu…
cpholguera Mar 6, 2025
3b63a8f
Update output for MASTG-DEMO-0026
cpholguera Mar 7, 2025
1b22e98
Refine terminology for secure screen lock in demos and tests
cpholguera Mar 7, 2025
c72e6fc
Enhance biometric checks in MastgTest to include strong biometric sta…
cpholguera Mar 7, 2025
44fc1bc
Enhance MASTG-DEMO-0027 frida script to log detailed backtrace and bi…
cpholguera Mar 7, 2025
575e100
Enhance MASTG-DEMO-0026 frida script to include configurable backtrac…
cpholguera Mar 7, 2025
bf46fd0
Add links to secure screen lock in MASTG-TEST-0247 and MASTG-TEST-0248
cpholguera Mar 7, 2025
2a1e699
Update output for MASTG-DEMO-0027
cpholguera Mar 7, 2025
7131edd
Add AndroidManifest.xml for MASTG-DEMO-0027 with necessary permission…
cpholguera Mar 7, 2025
da50a57
Add AndroidManifest.xml and reversed version for MASTG-DEMO-0028 with…
cpholguera Mar 7, 2025
61ca98e
Update severity level and patterns for passcode presence rule in YAML…
cpholguera Mar 7, 2025
a56c8cc
Update output MASTG-DEMO-0028
cpholguera Mar 7, 2025
e1e76d7
Update Frida command to target the correct application identifier for…
cpholguera Mar 7, 2025
34abae2
Update output for MASTG-DEMO-0026
cpholguera Mar 7, 2025
d5d64cc
Fix bug when logging backtrace in MASTG-DEMO-0026 script
cpholguera Mar 7, 2025
770156a
Update MASTG-DEMO-0026, MASTG-DEMO-0027 and MASTG-DEMO-0028 content
cpholguera Mar 7, 2025
db2529b
Update demos/android/MASVS-RESILIENCE/MASTG-DEMO-0027/AndroidManifest…
cpholguera Mar 7, 2025
9ef1d8f
Update demos/android/MASVS-RESILIENCE/MASTG-DEMO-0028/AndroidManifest…
cpholguera Mar 7, 2025
6ee7f2e
Update demos/android/MASVS-RESILIENCE/MASTG-DEMO-0028/AndroidManifest…
cpholguera Mar 7, 2025
Update contact.md (#3182)
* Update contact.md

* rm x
cpholguera authored and serek8 committed Mar 6, 2025
commit 67c84455f20468cb4ce8aee82a909935879872b8
5 changes: 1 addition & 4 deletions docs/contact.md
@@ -17,12 +17,11 @@ You can follow and reach out to the OWASP MAS team in many ways.
If you'd like to contribute, take a look at our [Contributions page](contributing.md) or reach out to the project leaders Carlos or Sven.

[:material-github:](https://github.com/OWASP/owasp-mastg/discussions)
[:material-twitter:](https://twitter.com/OWASP_MAS)
[:simple-bluesky:](https://bsky.app/profile/owasp-mas.bsky.social)
[:simple-mastodon:](https://infosec.exchange/@OWASP_MAS)
[:material-slack:](https://owasp.slack.com/archives/C1M6ZVC6S)

> [Request an invitation](https://owasp.slack.com/join/shared_invite/zt-g398htpy-AZ40HOM1WUOZguJKbblqkw#) to join our Slack channel `#project-mobile-app-security`
> [Request an invitation](https://join.slack.com/t/owasp/shared_invite/zt-30tg8azbk-F_bBrBLhIB~BAavbs0aJQA) to join our Slack channel `#project-mobile-app-security`

<br>

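Review bot: The replacement Slack link on the `> [Request an invitation]` line is another hard-coded `shared_invite/zt-...` URL, the same kind of link this hunk has to swap out, so the page will need the same edit the next time the invite changes. Consider pointing this line at a stable invite page or redirect that the project controls, if one is available, so the token does not have to live in `docs/contact.md`.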
@@ -36,7 +35,6 @@ Carlos is a mobile security research engineer who has gained many years of hands

[:material-github:](https://github.com/cpholguera)
[:material-linkedin:](https://linkedin.com/in/carlos-holguera)
[:material-twitter:](https://twitter.com/grepharder)
[:simple-bluesky:](https://bsky.app/profile/grepharder.bsky.social)
[:simple-mastodon:](https://infosec.exchange/@grepharder)
[:material-slack:](https://owasp.slack.com/team/U5LRFEGR5)
@@ -51,7 +49,6 @@ Carlos is a mobile security research engineer who has gained many years of hands
Sven is an experienced web and mobile penetration tester and assessed everything from historic Flash applications to progressive mobile apps. He is also a security engineer that supported many projects end-to-end during the SDLC to "build security in". He was speaking at local and international meetups and conferences and is conducting hands-on workshops about web application and mobile app security.

[:material-github:](https://github.com/sushi2k)
[:material-twitter:](https://twitter.com/bsd_daemon)
[:material-slack:](https://owasp.slack.com/team/U1M6X5WCU)
[:material-email:](mailto:Sven.Schleier@owasp.org)
[:material-linkedin:](https://linkedin.com/in/sven-schleier)
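Review bot: The link order in this block (GitHub, Slack, email, LinkedIn) differs from the order in the previous hunk's block (GitHub, LinkedIn, Bluesky, Mastodon, Slack). Since both lists are being edited in this commit anyway, consider putting them in the same order so the two profiles render consistently.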
2 changes: 0 additions & 2 deletions mkdocs.yml
@@ -353,8 +353,6 @@ extra:
social:
- icon: fontawesome/brands/slack
link: https://owasp.slack.com/archives/C1M6ZVC6S
- icon: fontawesome/brands/twitter
link: https://twitter.com/OWASP_MAS
- icon: fontawesome/brands/bluesky
link: https://bsky.app/profile/owasp-mas.bsky.social
- icon: fontawesome/brands/mastodon
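Review bot: The commit message ("Update contact.md", "rm x") does not mention that `mkdocs.yml` is touched as well; removing the `fontawesome/brands/twitter` entry under `social:` changes the site-wide `extra.social` list, not only the contact page. Suggest naming `mkdocs.yml` and the Twitter/X removal in the message so the configuration change can be found from the log.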