forked from OWASP/owasp-mastg
[pull] master from OWASP:master #84
Open: pull wants to merge 635 commits into FreddyZeng:master from OWASP:master
* extend the status column in the MAS Checklists * refactor: Added an enum class to reduce the magic numbers implemented in the yaml_to_excel.py * refactor: Added missing cd command.
Link, formatting, we instead of I
* Proofreading fixes part 8 0x05c * Update Document/0x05c-Reverse-Engineering-and-Tampering.md Committing suggestion by @cpholguera Co-authored-by: Carlos Holguera <[email protected]> * Update Document/0x05c-Reverse-Engineering-and-Tampering.md Committing suggested link Co-authored-by: Carlos Holguera <[email protected]> --------- Co-authored-by: Carlos Holguera <[email protected]>
* Content for pendingintent --------- Co-authored-by: cpholguera <[email protected]>
* git commit -m 'Implicit Intent Injection description and static analysis in Testing for Injection Flaws (MSTG-PLATFORM-2) * Fixed markdown for Testing Implicit Intent Injection in Testing for Injection Flaws (MSTG-PLATFORM-2) * Separate theory and include several fixes --------- Co-authored-by: Sven <[email protected]> Co-authored-by: cpholguera <[email protected]>
* [MSTG-CODE-2] Add a static analysis method (codesign/ldid) * Change passive present to active present * Remove the link to saurik server as the page shows ssl error * Add the title of the reference page * Fix lint issues * Fix line break * Apply suggestions from code review * fix test overview and md linting issues --------- Co-authored-by: Carlos Holguera <[email protected]>
fixed link
* fix pic * update year
… into mastg-refactor-1
* chore: Update page titles and table of contents for testing tools and reference apps * Add icons to MASTG buttons and new buttons * rm tools index since we still use the one on Document/
* Update MASWE-0052 draft * Update weaknesses/MASVS-NETWORK/MASWE-0052.md
…ations (#2834) * Add Corellium tools page with benefits and limitations * Apply suggestions from code review Co-authored-by: Jeroen Beckers <[email protected]> * fix md links * update corellium content * update tool id --------- Co-authored-by: Jeroen Beckers <[email protected]> Co-authored-by: Jeroen Beckers <[email protected]>
* added Nope-proxy tool * fix spaces * small fixes * update tool ID --------- Co-authored-by: Carlos Holguera <[email protected]>
* add semgrep * update references to @MASTG-TOOL-0110
updated donators
Co-authored-by: Jeroen Beckers <[email protected]>
Co-authored-by: Jeroen Beckers <[email protected]>
add refs
* MASWE-0009 * fix spell * fix markdown-lint * updated weakness * change test ID * add semgrep as tool * change demo IDs * change demo id as duplicate * Update weaknesses/MASVS-CRYPTO/MASWE-0009.md * Apply suggestions from code review * updated changes * renamed TOOL-0105 -> TOOL-0109 * fix changes * rm semgrep (will be added separately) and update refs to the tool * update ios demo to use r2 and the MASTestApp for iOS * update spell checker ignore words list * rm ios folder * add ios folder to correct name and demo based on r2 * update MASTG-TEST-0209 with libraries and references. Extended to consider also dynamic analysis. * change to modes of introduction * update DEMO-0011 to be about RSA key size * Apply suggestions from code review * add binary for demo 11 * update r2 script and output * Update weaknesses/MASVS-CRYPTO/MASWE-0009.md * Update tests-beta/ios/MASVS-CRYPTO/MASTG-TEST-0209.md Co-authored-by: Carlos Holguera <[email protected]> * Apply suggestions from code review Co-authored-by: Carlos Holguera <[email protected]> * Apply suggestions from code review Co-authored-by: Sven <[email protected]> * updated android demo * changed semgrep rule to standard form * Apply suggestions from code review * remove extra line * fix link --------- Co-authored-by: Sven <[email protected]> Co-authored-by: Carlos Holguera <[email protected]>
…] Hardcoded Cryptographic Keys in Code (by appknox) (#2869) * closes 2577 * fix spelling * rm rule for ios * Deprecate weakness MASWE-0013 * Update title for MASTG-TEST-0210 to include "in Code" * added the android test case * Apply suggestions from code review --------- Co-authored-by: Carlos Holguera <[email protected]>
* Added MASWE-0019.md * Removed blank spaces from MASWE-0019.md * Added newline at the end of MASWE-0019.md * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <[email protected]> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <[email protected]> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <[email protected]> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <[email protected]> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <[email protected]> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <[email protected]> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <[email protected]> * Update MASWE-0019.md * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md --------- Co-authored-by: Carlos Holguera <[email protected]>
* Added technique for analyzing entitlements * Improve linting * More linting * Final lints * Update techniques/ios/MASTG-TECH-0111.md --------- Co-authored-by: Carlos Holguera <[email protected]>
…MASTG-DEMO-0016] New Tests and Demos (#2879) * create demo * add 2 new tests for weak encryption and hashing algs * minor update demo 14 * add 2 new demos for insecure hashing with cryptokit and commoncrypto * rm binary * move binaries * update .gitignore to exclude Payload/ * add demo 14 binary * update path to bin in run.sh
…2781) * [MASWE-0014] Add Cryptographic Keys Not Properly Protected at Rest * improve content * add new test * Update MASWE-0005 to be API Keys Hardcoded in the App Package * add new demo * add new demos files * include RASP * add binary and output with simpler function * update demo 13 with detailed write-up and output files * update demos to use asm for better output * remove asm bytes * rename tests * Add white-box cryptography technique for encrypting API keys and sensitive data * fix url
* defined variables can't contain dashes * Fix markdown highlighting hint
* Added connecting Burp via HTTP Toolkit Added a method to BurpSuite via HTTPToolkit. Since many had an issue with connecting flutter apps even after trying all the ways out, this method worked. * Added proxying Android apps to Burp via HTTP Toolkit Added another way to proxy traffic from android to Burp. Since most of the times, reFlutter and other ways don't work. * Added proxying Android apps to Burp via HTTP Toolkit * Added connecting Burp via HTTP Toolkit * minor markdown fixes * add final newline * reduce size --------- Co-authored-by: Carlos Holguera <[email protected]>
* added tool pidcat * fix * Update tools/android/MASTG-TOOL-0108.md * Update tools/android/MASTG-TOOL-0108.md * correct ID --------- Co-authored-by: Carlos Holguera <[email protected]>
* Add references to reFlutter Fixes #2902 * fix IDs * fix IDs and update codesign to be 0114
Created by pull[bot]