Jeroen Willemsen

Results 105 issues of Jeroen Willemsen

Maybe good to check with https://github.com/xebia/xsec-scripts/issues/2 if some other checks might be missing in terms of getting the IAM data.

Check if there is a risk of the confused deputy given the value-chain the account under inspection is in.

Given your awesome list, I was kinda hoping you would be willing to add 2 more web security projects to it ;-).

Can you please add the version of the lab you have integrated in the home page?

enhancement

MSTG-Platform-10: A WebView's cache, storage, and loaded resources (JavaScript, etc.) should be cleared before the WebView is destroyed.
- [X] Android https://github.com/OWASP/owasp-mstg/pull/1984
- [ ] iOS TBD

Maybe include to...

Android
MASVS-PLATFORM

With Android Oreo, you now have new broadcast (implicit intent) limitations, as well as limitations as a background service. This will influence how the rogue apps might be able to...

Android
MASVS-PLATFORM
MASVS-PRIVACY

For more info on CloudKit: https://developer.apple.com/documentation/coredata/mirroring_a_core_data_store_with_cloudkit/

iOS
MASVS-STORAGE

We should have test cases for Sign in with Apple: https://developer.apple.com/sign-in-with-apple/

iOS
MASVS-AUTH

Update the Android MSTG on storage due to the introduction of scoped storage: https://developer.android.com/about/versions/10/features#create-files-external-storage

Android
MASVS-STORAGE

We need a test case for MSTG-RESILIENCE-13: As a defense in depth, next to having solid hardening of the communicating parties, application-level payload encryption can be applied to further impede...

Android
MASVS-RESILIENCE