Skip to content

v1.6.0
Compare
Choose a tag to compare
@github-actions github-actions released this 08 May 10:20
· 288 commits to master since this release
v1.6.0
1271f4b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Following up on the OWASP MASVS v2.0.0 Release we're excited to announce the release of the new OWASP MASTG version v1.6.0. This update includes a range of new features, including the first phase of the MASTG refactoring, MASVS color-coding, upgraded MAS Checklists (for OWASP MASVS v2.0.0 + MASTG v1.6.0), and much more. See below for a detailed list of changes.

We'd like to thank all of our loyal contributors and welcome our new contributors.

Special thanks to NowSecure for their consistent high-impact contributions to the project, especially for the MASVS refactoring, the OWASP MASTG refactoring, the OWASP MAS website and this MASTG v1.6.0 release and for continuing spreading the word about the OWASP MAS project.

💙 Thanks to dvuln, eShard, OHRUS and devoteam Cyber Trust for their generous donations!


Carlos Holguera, Sven Schleier and Jeroen Beckers - OWASP MAS project


NOTE: the OWASP MASTG v1.6.0 relies on the latest MASVS v2.0.0

Help us improve! questions | ideas | contact


What's Changed

📢 News

Introducing the MASVS v2 Colors

We're bringing official colors to the MASVS! The new colors will be used across the MASVS v2.0.0 and MASTG v2.0.0 to help users quickly identify the different control groups. We've also revamped certain areas of our website to make them more readable and easier to navigate as well as to prepare for what's coming with the MASTSG v2.0.0 (keyword: "atomic tests").

masvs_colors

MASVS

In the MASVS home page, the new colors will be used to highlight the different control groups.

masvs_home

The individual controls will also be color-coded to help users quickly identify the different control groups. We've also redesigned the control pages to make them more readable and easier to navigate.

masvs_control

MASTG

Now, when you navigate to the MASTG tests, you'll see that they are categorized by platform (Android/iOS) as well as by MASVS category, also using our new colors in the sidebar. The colors will also be used to highlight the different control groups in the test description.

Each test now contains a header section indicating the platform, the MASVS v1.5.0 controls, and the MASVS v2.0.0 controls.

mastg_test

We've also introduced a new section called "Resources" which is automatically generated using the inline links within the MASTG pages and serve as a quick reference to the most important resources for each test.

NOTE: The MASTG tests themselves haven't changed yet, we're still working on the refactoring. For now we've simply split the tests into individual pages to make them easier to navigate and reference. This will facilitate the work on the refactoring and the introduction of the new atomic tests.

MAS Checklist

The MAS Checklist pages and the MAS checklist itself have also been updated to use the new colors to highlight the different control groups and to make them easier to navigate.

checklist_home

When you click on a MASVS group you'll see a table listing the new MASVS v2.0.0 controls as well as the corresponding MASTG tests (v1.5.0) for both the Android and the iOS platforms.

checklist_detail

NOTE: The checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles accordingly.


We hope you like the new colors and the changes we've made to the website. We're looking forward to your feedback! Please use our GitHub Discussions to post any questions or ideas you might have. If you see something wrong please let us know by opening a bug issue.

More News

🧪 MASTG Test Cases

  • Add static analysis details for Android keyboard cache by @DIvanov503 in #2254
  • Recommend Using conscrypt for Old Android API Levels by @rlatapy-luna in #2340
  • Deprecate Fragment Injection Test for MSTG-PLATFORM-2 by @cpholguera in #2328
  • Proofreading fixes 0x05d part 1 by @Laancelot in #2351
  • Proofreading fixes 0x05d part 2 by @Laancelot in #2358
  • Add Test for Android Pending Intents to 0x05h by @su-vikas in #2300
  • Add Test for Implicit Intent Injection (MSTG-PLATFORM-2) by @LukasMarckmiller in #2056
  • Add codesign/ldid to the test Determining Whether the App is Debuggable (MSTG-CODE-2) by @sohsatoh in #2296
  • Add otool command to 0x06i-Testing-Code-Quality-and-Build-Settings.md by @rsenet in #2362
  • [Phase 1] Refactor 0x05h-Testing-Platform-Interaction.md (@nowsecure) by @angrymuffinx in #2286
  • [Phase 1] Refactor 0x06j-Testing-Resiliency-Against-Reverse-Engineering.md by @iotaaxel in #2321
  • [Phase 1] Refactor 0x0**-Testing-Code-Quality.md by @cpholguera in #2381
  • [Phase 1] Refactor 0x06h-Testing-Platform-Interaction.md by @TheDauntless in #2380
  • [Phase 1] Refactor 0x0**-Testing-Resiliency-Against-Reverse-Engineering.md by @sushi2k in #2382
  • [Phase 1] Refactor 0x0**-Local-authentication.md by @TheDauntless in #2377
  • [Phase 1] Refactor 0x0**-Testing-Network-Communication.md by @sushi2k in #2378
  • [Phase 1] Refactor 0x0**-Testing-Cryptography.md by @sushi2k in #2372
  • [Phase 1] Refactor 0x0**-Testing-Data-Storage.md by @cpholguera in #2379

📖 MASTG Testing Fundamentals

✨ MASTG Testing Techniques

🪄 MASTG Testing Tools

⚡ Automation

🎉 New Donators

🐞 Errata Corrections

Other Changes

New Contributors

Full Changelog: v1.5.0...v1.6.0

Contributors

cgarst, vtourraine, and 18 other contributors
Assets 5
Loading
3 Join discussion