Sven

Results 23 issues of Sven

To-Do pushed to next release: - [ ] Parse the log output in GitHub actions to detect overflows that might cause issues in the produced artefacts (PDF etc.); meaning missing...

org
automation

**Platform:** iOS **Description:** https://github.com/OWASP/owasp-mstg/issues/1494

iOS
MASVS-RESILIENCE

**Describe the issue** The test case for "Making Sure that the App Is Properly Signed (MSTG‑CODE‑1)" for iOS is only an overview without much information on what to do with...

iOS
MASVS-CODE

**Describe the issue** Mitigating steps to address a new attack from NCC against Qualcomm-backed key stores should be added to MSTG. https://www.nccgroup.trust/us/our-research/private-key-extraction-qualcomm-keystore/

Android
MASVS-STORAGE

In chapter: "Testing Code Quality and Build Settings of Android Apps" Enhance section "[Make Sure That Free Security Features Are Activated (MSTG-CODE-9)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05i-Testing-Code-Quality-and-Build-Settings.md#make-sure-that-free-security-features-are-activated-mstg-code-9)" with "Secure Compiler Settings for Android NDK". -...

Android
MASVS-CODE

**Describe the issue** Recent enhancements to the Frida open-source dynamic instrumentation toolkit greatly ease the process of conducting jailed testing. You no longer have to manually package the Frida Gadget...

tools

**Platform:** iOS **Description:** See also https://github.com/OWASP/owasp-masvs/issues/488 Requirement in https://github.com/OWASP/owasp-masvs/blob/master/Document/0x11-V6-Interaction_with_the_environment.md could be changed to: 6.11 | MSTG-PLATFORM-11 | Verify that the app prevents usage of custom third-party keyboards whenever sensitive data...

MASVS-PLATFORM

**Describe the issue** https://github.com/OWASP/owasp-mstg/pull/1979#pullrequestreview-809807221

**Describe the issue** Add additional metadata to our existing markdown description. Mixture of YAML and Markdown: https://raw.githubusercontent.com/OWASP/owasp-mstg/master/.github/ISSUE_TEMPLATE/bug-report---error-in-app.md Can still be read in Python. @TheDauntless what was the library? Front Matter...

New Approach

**Describe the issue** Passionfruit is being used and referenced in the MSTG. Passionfruit is not maintained anymore and, worse, is not working anymore since Frida 14. Passionfruit (https://github.com/chaitin/passionfruit) can be...

iOS
tools