Jeroen Willemsen

I have not worked on it yet, as multiple other things came in that had a higher priority ^^. What we wanted to do was indeed describe those and describe...

Hmm I cannot find the time for it so would love to set it back to todo unfortunately.

Hi @TheDauntless ! Thank you for your bug submission, we will have a look soon, when we can find some time (given that both @sushi2k & me are at a...

Fixed in #1146 :) together with @TheDauntless . Please, for now, only use the apk provided in the mstg folder.

Is linked to https://github.com/OWASP/owasp-masvs/issues/443 , but seems like a great item to work at!

See : https://www.agnosticdev.com/blog-entry/network-security/mobile-landscape-certificate-transparency https://github.com/technion/ct_advisor https://github.com/google/conscrypt https://github.com/google/certificate-transparency-java https://www.agnosticdev.com/blog-entry/network-security/mobile-landscape-certificate-transparency https://github.com/Babylonpartners/certificate-transparency-android Note: ios 12.1.1 requires it already. https://chromium.googlesource.com/chromium/src/+/master/net/docs/certificate-transparency.md#certificate-transparency-for-enterprises for more info NOTE: using CTA will require your domain (including internal domains) to be...

Last note: when you do pinning on the CA its public key and the CA is compromised, then CT can help detecting that. However, if you do public key pinning...

I guess not: mostly only in iOS as every keyboard shipped with the Android OS could be a third party keyboard...

Hi @olex-st , sorry I missed this issue. Let me try to give it a go. 1. I am note sure: I have not payed attention to it lately. Maybe...

Hi @meetinthemiddle-be , thank you for your issue. Is this issue the same as https://github.com/OWASP/owasp-mstg/issues/1174?