
Intermediate update 1.1.3 (OSS Release)

@OMTGreleaser released this 04 Aug 06:37
bb4b037

What's Changed

  • Updated Acknowledgments, with 2 new co-authors.
  • Translated various parts into Japanese.
  • A large restructuring of the general testing, platform specific testing and reverse-engineering chapters.
  • Updated description of many tools: Adb, Angr, APK extractor, Apkx, Burp Suite, Drozer, ClassDump(Z/etc), Clutch, Frida, Hopper, Ghidra, IDB, Ipa Installer, iFunBox, iOS-deploy, KeychainDumper, Mobile-Security-Framework, Nathan, Needle, Objection, Magisk, PassionFruit, Radare 2, Tableplus, SOcket CAT, Xposed, and others.
  • Updated most of the iOS hacking/verification techniques using iOS 12 or 11 as a base instead of iOS 9/10.
  • Removed tools which were no longer updated, such as introspy-Android and AndBug.
  • Added missing MASVS references from version 1.1.4: V1.X, V3.5, V5.6, V6.2-V6.5, V8.2-V8.6.
  • Rewrote device-binding explanation and testcases for Android.
  • Added parts on testing unmanaged code in Objective-C, Java, and C/C++.
  • Applied many spelling, punctuation and style-related fixes.
  • Updated many cryptography related parts.
  • Added testcases for upgrade-mechanism verification for apps.
  • Updated Readme, Code of Conduct, Contribution guidelines, verification, funding link, and generation scripts.
  • Added ISBN as the book is now available at Lulu.
  • Added various fixes for the .epub format.
  • Added testcases on Android and iOS backup verification.
  • Improved key-attestation related explanation for Android.
  • Restructured OWASP Mobile Wiki.
  • Removed Yahoo Weather app and simplified reference on using SQL injection.
  • Improved explanation for iOS app sideloading to include various available methods.
  • Added explanation on using ADB and device shell for Android.
  • Added explanation on using device shell for iOS.
  • Provided comparison for using emulators/simulators and real devices for iOS/Android.
  • Fixed Uncrackable Level 3 for Android.
  • Improved explanation on how to exfiltrate data and apps on iOS 12 and Android 8.
  • Improved/updated explanation on SSL-pinning.
  • Added list of adopters of the MASVS/MSTG.
  • Updated English, Japanese, French and Spanish checklists to be compatible with MSTG 1.1.2.
  • Added a small write-up on Adiantum for Google.
  • Added MSTG-ID to the paragraphs to create a link between MSTG paragraphs and MASVS requirements.
  • Added review criteria for Android instant apps and guidance for app-bundle evaluation.
  • Clarified the differences between various methods of dynamic analysis.