Sven
Hi Anna, we are sorry to hear that, but to clarify a few things: - We never got this money, OWASP confirmed with us - The only communication that did...
Seems we might need to update that section. Thanks for pointing it out! You can also use ideviceinstaller, which is part of the package libimobiledevice in brew. Then you can...
r2frida should be added with an example in "###### Getting Loaded Libraries" besides Process.enumerateModules() in Frida. https://github.com/enovella/r2frida-wiki/blob/master/README.md
Hi @crazykid95. Thanks for raising the issue! You are right there is way more than keys and some of the items you mentioned are covered in the static analysis part...
> Actually I'm not sure if EncryptedSharedPreferences is even a good idea. It seems to only provide data at rest protection, but is susceptible to runtime hooking in order to...
Good summary of options for Android: https://medium.com/babylon-engineering/android-security-certificate-transparency-601c18157c44
Let's use this as an example when describing MSTG‑STORAGE‑14 in the MSTG, to demonstrate this as defense-in-depth requirements, "Android developers who use the keystore in their applications can also take...
Definitely worth mentioning it and describing how to test for it. I also just thought 0x05h and 0x06h are the best place for it, but which MASVS requirement does it...
Let me work on the following two: 8.4 The app detects, and responds to, the presence of widely used reverse engineering tools and frameworks on the device. 8.5 The app...
We should also now consider https://github.com/securing/IOSSecuritySuite. It implements a few of the RE checks in Swift.