Update IPA Installation Techniques and Tools (by @NVISOSecurity) #3100
Great content @TheDauntless! Also the warnings/tips for AppSync and libimobiledevice are spot on! I've reviewed the tools, planning to do the rest today or tomorrow.
Co-authored-by: Sven <sven@bsddaemon.org>
Thanks for the review so far!
@TheDauntless reviewed more techniques, but not done yet. Thanks for the nice summary!
Co-authored-by: Sven <sven@bsddaemon.org>
Done!
Few small changes. But this is really a great update on how to do re-signing and run apps with Frida on iOS!
Comments from Jan and Carlos should be addressed before merging.
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
Amazing improvements Jeroen, thank you so much!
…oid) (by @Guardsquare) (#3113) * Create a test * Add a deprecation note * Add a note about the moved content * Add a demo * Add a test for iOS * Add iOS demo * Update MASWE-0008: Change title and alias, refine description for device security enforcement * Refactor iOS test for Device Secure Lock * Refactor iOS demo for Device Secure Lock * Refactor Android test for Device Secure Lock * Refactor Android demo test for Device Secure Lock * Move the platform version demo to another weakness * Apply suggestions from code review Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Refactor the leftovers from Device-Security-Access * Fix IDs and filenames * Fix demos' source code * Move testing for passcode to RESILIENCE * Apply fixes for Evaluation section * Move iOS demos to RESILIENCE * Apply suggestions from code review Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Add Android dynamic demo * Add Android dynamic test * Add iOS dynamic demo * Add iOS dynamic test * Add links for APIs * Add deprecation note * Add more tests to the deprecation note * Update tests' overview * Add Biometrics to Android demo * Add MASWE-0047, MASWE-0048, MASWE-0049, MASWE-0050, MASWE-0051, MASWE-0052 (#2919) * Add overview, impact, modes of introduction, and mitigations * inital drafts * Apply suggestions from code review Co-authored-by: Jeroen Beckers <info@dauntless.be> * Apply suggestions from code review Co-authored-by: Sven <sven@bsddaemon.org> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Jeroen Beckers <info@dauntless.be> * Update weaknesses/MASVS-NETWORK/MASWE-0047.md * Update weaknesses/MASVS-NETWORK/MASWE-0047.md * Refactor MASWE-0048: Update title and description for Insecure Machine-to-Machine Communication; remove content and enhance draft data * Refactor MASWE-0047, MASWE-0049, MASWE-0051 and MASWE-0052: Remove draft sections and update status to new * Refactor MASWE-0050: Update modes of introduction and 
mitigations for cleartext traffic; merge Platform-provided Settings (global and per-domain), incorporate non-http and remove pinning mitigation * Apply suggestions from code review * Update weaknesses/MASVS-NETWORK/MASWE-0051.md --------- Co-authored-by: Jeroen Beckers <info@dauntless.be> Co-authored-by: Sven <sven@bsddaemon.org> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Reverse Engineer Flutter Technique (#2913) * Reverse Engineer Flutter Technique Hi, My name is Sabina, and I am part of the research team at Datafarm. We have recently developed a tool called Blutter, designed to reverse engineer Flutter mobile application. We believe this tool could be highly beneficial to the cybersecurity community and are excited about the possibility of sharing it through OWASP's page. To facilitate this, I would like to propose adding a technique document about our tool to your GitHub repository. This document would include: -A detailed description of Blutter -Its key features and use cases If there is any additional information or clarification we can provide about Blutter, or if there are any specific features or improvements you believe would enhance its functionality for your community or organization, please feel free to contact us. * Update and rename MASTG-TECH-0111.md to MASTG-TECH-0112.md * Update MASTG-TECH-0112.md * Update techniques/android/MASTG-TECH-0112.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update techniques/android/MASTG-TECH-0112.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update techniques/android/MASTG-TECH-0112.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update techniques/android/MASTG-TECH-0112.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update techniques/android/MASTG-TECH-0112.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Explain code block. 
* Update techniques/android/MASTG-TECH-0112.md * Update techniques/android/MASTG-TECH-0112.md --------- Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update MASTG-TEST-0228.md (#3106) Removed 2nd step because was wrong. * Update MASTG-TOOL-0064 Sileo (by @NVISOsecurity) (#3104) * Update MASTG-TOOL-0064.md * Typo * Apply suggestions from code review Co-authored-by: pruDhv! <58649792+sk3l10x1ng@users.noreply.github.com> * Update tools/ios/MASTG-TOOL-0064.md --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> Co-authored-by: pruDhv! <58649792+sk3l10x1ng@users.noreply.github.com> * Port MASTG-TEST-0088 (by @appknox) (#3073) * port mastg test 0088 * deprecation note * updated id * added Demo * fix * fix space * fix spell * refactor jailbreak detection to return detailed status and proof * Apply suggestions from code review Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> * fix: correct filename in jailbreak detection script * refactor: update title and instructions for jailbreak detection demo * refactor: update jailbreak detection test descriptions and add new dynamic analysis test * fix: correct evaluation criteria for jailbreak detection test * Update tests/ios/MASVS-RESILIENCE/MASTG-TEST-0088.md * feat: mark jailbreak detection tests as prone to false negatives * Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> * Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> * Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md * Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> * Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> * Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md Co-authored-by: 
Jeroen Beckers <me.githbub@dauntless.be> * updated changes * updated demo app, output.asm & r2 script * update test IDs * update demo ID --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> * Mark MASTG-TEST-0016 as covered by v2 (by @Guardsquare) (#3026) * Mark MASTG-TEST-0016 as covered by v2 * Add documentation refs * Apply suggestions from code review Reviewer suggestions Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Complemented analysis and mitigations * Add links to mitigations * Apply suggestions from code review Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> * Update MASTG-DEMO-0021.md (#3109) * Update MASTG-BEST-0001.md (#3110) * Update ProxyDroid (by @NVISOsecurity) (#3111) * Update ProxyDroid (by @NVISOsecurity) * Fix linting * Rewording * Apply suggestions from code review * Update tools/android/MASTG-TOOL-0120.md --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Fix admonition borders (by @NVISOsecurity) (#3103) * Fix #3102 * Add new style for example admonition * Add ALL admonitions * [MASWE-0023] Weak Padding (#2922) * Added MASWE-0019.md * Removed blank spaces from MASWE-0019.md * Added newline at the end of MASWE-0019.md * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos 
Holguera <perezholguera@gmail.com> * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update MASWE-0019.md * Update weaknesses/MASVS-CRYPTO/MASWE-0019.md * Added MASWE-0023.md content * Removed newlines and blank spaces * Added final blankspace * Update weaknesses/MASVS-CRYPTO/MASWE-0023.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update MASWE-0023.md * Update MASWE-0023.md * remove some unneded points --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update MASTG-BEST-0004 - Add Link to Security recommendations for backups (#3118) * Update MASTG-BEST-0004 - Add Link to Security recommendations for backups * add links to android-risks * Add Eydle to donators (#3122) Co-authored-by: Sven Schleier <sven@s7ven.info> * Add GitHub Actions workflow to build iOS demos (#3125) * Fix ios demos build (#3126) * Enhance iOS build workflow with debugging step and path corrections * Add MASTG-DEMO Buttons to download APK/IPA, go to folder and build (by @nowsecure) (#3121) * Add GitHub API integration for fetching latest successful Android demo run * Enhance GitHub Actions workflow by adding environment variable for GitHub Pages deployment * Add demo banners for Android and iOS with links to APK and binary downloads * Update demo banners for Android and iOS to include direct download links and improve layout * Rename demo functions * Update demo buttons for Android and iOS to include build links * Restore partial content in MASTG-TEST-0076 and fix outline in MASTG-TEST-0069 (#3128) * Update MASTG-TEST-0076: Restore sections that were missing after refactoring * Refactor MASTG-TEST-0069: Update section headings and fix outline * Update MASTG-TEST-0076: Standardize section headings, fix broken link and improve content clarity * Update MASTG-TEST-0076 (minor fixes) (#3129) * Update MASTG-TEST-0076 (minor fixes) * minor title and content fixes * rm links that weren't there anyway * Update 
MASWE-0023 (#3116) * fix pkcs mention * fix for consistency * overall content update * Add URL pattern for Kudelski Security research site in URL checker config * Fix PKCS#7 confusion Co-authored-by: Jan Seredynski <janseredynski@gmail.com> * Address code review comments for MASWE-0023 about padding oracle attacks * Update weaknesses/MASVS-CRYPTO/MASWE-0023.md --------- Co-authored-by: Jan Seredynski <janseredynski@gmail.com> * Update MASWE-0012 Draft (#3131) * Update MASWE-0058 Draft to add Ref (#3132) * [MASWE-0020] Weak Encryption (by @appknox) (#2910) * added weaknesss * updated weakness * added MASTG-DEMO, rule, MASTG-TEST * updated weakness.md * fix spelling * Update weaknesses/MASVS-CRYPTO/MASWE-0020.md * Update weaknesses/MASVS-CRYPTO/MASWE-0020.md * Update weaknesses/MASVS-CRYPTO/MASWE-0020.md * Update weaknesses/MASVS-CRYPTO/MASWE-0020.md * Update weaknesses/MASVS-CRYPTO/MASWE-0020.md * Update weaknesses/MASVS-CRYPTO/MASWE-0020.md * removed duplicate * change status to new * updated title MASTG-TEST-0211.md * updated title MASTG-DEMO-0016.md * updated tests-beta * fix lint * updated MASWE-0020.md * updated mitigations * updated changes * removed MASTG-TEST-0211.md * added new Demo * 2 demo added * renamed semgrep files * updated * rename * updated * updated MASWE-0020.md * updated MASWE-0020.md * updated weak-encryption.yaml * Renamed files * updated Demo.md * rename rules filename * updated changes * updated changes * fix --------- Co-authored-by: Sven <sven@bsddaemon.org> * Update build demos Workflow files (Restrict to each platform) (#3135) * Update build-android-demos.yml * restrict to ios * Fix Weak Encryption Demos (#3134) * fix demo ID, add more references in evalutions and add RC4 * Update test identifiers in MASTG-DEMO-0022 and MASTG-DEMO-0023 * Add vulnerable Blowfish encryption method and update output format * Update MASTG-TEST-0221 to specify weak symmetric encryption algorithms and add best practices * Update MASTG-TEST-0232 to clarify 
focus on weak symmetric encryption modes and enhance security context * Add best practice guideline for using secure encryption algorithms in Android * Update MASTG-DEMO-0022 and MASTG-DEMO-0023 to refer to the corresp. tests for more info in the evaluation. * Update MASTG-TEST-0221 to enhance descriptions of weak symmetric encryption algorithms * Update MASTG-DEMO-0023 to reference the correct YAML file for weak encryption modes * Refactor weak encryption algorithm patterns to use regex for improved matching * Fix output formatting in weak encryption demos and update run scripts to redirect output correctly * Refactor weak encryption mode detection to use regex for broader matching and simplify summary * Fix double quotes * Fix formatting of vulnerable AES modes by adding backticks for clarity * Fix formatting in MASTG-DEMO-0022.md by separating weak encryption algorithm description and reference for clarity * Update MASTG-TEST-0229 with info about False Positives (#3130) * Update MASWE-0112: Add note about SDKs (#3124) * Added AppSec US Talk (#3143) Co-authored-by: Sven Schleier <sven@s7ven.info> * Update CWE mapping on MASWE elements of MASVS-STORAGE-2. (#3146) * Update all CWE IDs on MASWE elements of MASVS-STORAGE-2. * Update all CWE IDs on MASWE elements of MASVS-STORAGE-2. * add CWEs MASWE-0002 --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update all CWE IDs on MASWE elements of MASVS-STORAGE-1. (#3145) * Update all CWE IDs on MASWE elements of MASVS-CRYPTO-2. (#3140) * Update all CWE IDs on MASWE elements of MASVS-CRYPTO-1. (#3139) * Update all CWE IDs on MASWE elements of MASVS-AUTH-3. (#3138) * Update all CWE IDs on MASWE elements of MASVS-AUTH-1. (#3133) MASWE-0005, mapped on commit b69b228 from STORAGE-1 to AUTH-1, is now moved under the right folder. Co-authored-by: Riccardo Poffo <truerick@hotmail.it> * Update all CWE IDs on MASWE elements of MASVS-AUTH-2. (#3137) * Update all CWE IDs on MASWE elements of MASVS-NETOWRK-2. 
(#3142) * Update all CWE IDs on MASWE elements of MASVS-NETWORK-1. (#3141) * Update CWE mapping on MASWE elements of MASVS-PLATFORM-3. (#3144) * Update all CWE IDs on MASWE elements of MASVS-PLATFORM-3. * add CWEs to MASWE-0057 --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Fixed Missing Java Code in the Sample (#3147) * Update IPA Installation Techniques and Tools (by @NVISOsecurity) (#3100) * Update 0x02c-Acknowledgements.md (#3153) * Update 0x02c-Acknowledgements.md * fix md * fix md --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Add rabin2: MASTG-TOOL-0129 (#3154) * add rabin2 tool * add rabin2 tool to tech to get entitlements * update refs to rabin2 * Add MASWE-0117 - Inadequate Permission Management (#3119) * Add MASWE-0117: Inadequate Permission Management * Update CWE reference for MASWE-0117 from 359 to 250 * Remove duplicate Android permission request references in MASWE-0117 * Clarify permission management risks and add new references * fix missing white space * Update weaknesses/MASVS-PRIVACY/MASWE-0117.md * Update weaknesses/MASVS-PRIVACY/MASWE-0117.md Co-authored-by: Jeroen Beckers <info@dauntless.be> --------- Co-authored-by: Jeroen Beckers <info@dauntless.be> * build-android-demos.yml: simplify shell scripts and cache Android app build (#3157) * chore: check out android demos only * chore: simplify matrix generation script * chore: simplify apk build script * chore: remove unnecessary step * chore: use checkout action instead of git clone * feat: cache gradle builds --------- Co-authored-by: Javier Ruiz <triomphe3@gmail.com> * Update ZAP mentions (#3169) * Update ZAP mentions ZAP left OWASP over a year ago. 
* Apply suggestions from code review --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update Social Links (#3170) * Update Social Links * update social links in contact * fix: caching a demo would cause other demos to use a modified Android… (#3173) * fix: caching a demo would cause other demos to use a modified AndroidManifest or kotlin code, which would result in mixing demos with unpredicted behaviors. Caching now the base app separately * fix: cache restore requires a path even with lookup-only: true * feat: try to improve the gradle build by writing only once to the cache --------- Co-authored-by: Javier Ruiz <triomphe3@gmail.com> * Refactor/ios demos optimization (#3174) * chore: simplify matrix generation code and remove unnecessary steps * refactor: check out iOS demos only, let it fail if iOS repo was not found * refactor: simplify scripts, correct error behaviour and removed unnecessary steps * fix: macOS sed requires an empty extra argument * other: add some debug information to see what to cache * refactor: optimization attempts - group steps that must run before the build and cache build dir. 
Clean up file * attempt to cache ldid with a different action and fix sed path * chore: removed unnecessary step --------- Co-authored-by: Javier Ruiz <triomphe3@gmail.com> * Update contact.md (#3182) * Update contact.md * rm x * Update MITM to Machine-in-the-Middle (#3175) * update mitm to machine-in-the-middle * update * Update Document/0x04f-Testing-Network-Communication.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update Document/0x04f-Testing-Network-Communication.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update Document/0x04f-Testing-Network-Communication.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update tests/android/MASVS-NETWORK/MASTG-TEST-0022.md * updated to Machine-in-the-Middle * updated to Machine-in-the-Middle * Apply suggestions from code review --------- Co-authored-by: Sven Schleier <sven@s7ven.info> Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Clarify and add MITM Techniques (by @nowsecure) (#3184) * fix markdown links * refactor: update Intercepting Network Traffic section titles and typos for "Using an Interception Proxy", "Hooking Network APIs" and "Passive Eavesdropping" * refactor: remove redundant section on network analyzer tools * refactor: update Xamarin traffic interception technique for clarity and consistency * refactor: update section levels for xamarin tech * refactor: improve clarity and structure in Xamarin tech * refactor: enhance clarity and structure in Intercepting Xamarin Traffic section * refactor: remove outdated section on proxy settings through runtime instrumentation * refactor: update section headings * refactor: add examples for installing CA certificates in Android and iOS for proxy usage * refactor: update section headings and titles * refactor: improve clarity and structure in the Interception proxy section * refactor: enhance clarity and structure in ARP Spoofing and MITM attack sections * refactor: enhance clarity and detail in the 
Intercepting HTTP Traffic section * refactor: update section headings and add per-platform instructions for proxy certificate installation * refactor: enhance the Intercepting Network Traffic section with general guidelines and detailed interception techniques * refactor: improve clarity in the Passive Eavesdropping section and enhance details on TLS decryption * refactor: enhance clarity and detail in the Passive Eavesdropping section, including improved examples and structured guidance * Apply suggestions from code review Co-authored-by: Jeroen Beckers <info@dauntless.be> * Update Document/0x04f-Testing-Network-Communication.md * update Passive eavesdropping how does it work * Update Document/0x04f-Testing-Network-Communication.md * refactor: improve clarity and consistency in the Intercepting Network Traffic section, correcting punctuation and enhancing readability * update: clarify DNS spoofing and port redirection for effective traffic interception * Update Document/0x04f-Testing-Network-Communication.md * update: expand passive eavesdropping section to include troubleshooting, analysis, and investigation scenarios * update: refactor MITM techniques into their own tech files. 
* update: fix section headings in MITM techniques * Update Document/0x04f-Testing-Network-Communication.md * Apply suggestions from code review * Apply suggestions from code review --------- Co-authored-by: Jeroen Beckers <info@dauntless.be> Co-authored-by: Sven <sven@bsddaemon.org> * fix: update references to Machine-in-the-Middle (MITM) (#3187) * Port MASTG-TEST-0022: Testing Custom Certificate Stores and Certificate Pinning (android) (by @Guardsquare) (#3035) * Port mastg test 0022 (by @Guardsquare) * Add missing tests * Apply minor fixes from code review * Apply suggestions from code review Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Add section for frameworks * Add sentence for native code * Apply suggestions from code review Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Review comments * Apply suggestions from code review Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update tests-beta/android/MASVS-NETWORK/MASTG-TEST-0242.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update Document/0x05g-Testing-Network-Communication.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update Document/0x05g-Testing-Network-Communication.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Update Document/0x05g-Testing-Network-Communication.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Review comments * Update tests-beta/android/MASVS-NETWORK/MASTG-TEST-0242.md Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Fix Test numbers * Update tests/android/MASVS-NETWORK/MASTG-TEST-0022.md --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> * Fix spelling errors in specified files (#3188) * Fix spelling errors in specified files * skip txt * [MASTG-TEST-0001] Add covered by MASTG-TEST-0201 and MASTG-TEST-0202 (#3193) * add , MASTG-TEST-0201 as it's relations to , MASTG-TEST-0200 mean it is practically the same test. 
* Add , MASTG-TEST-0202 to the deprecation list * MASTG v1->v2 MASTG-TEST-0061 Verifying the Configuration of Cryptographic Standard Algorithms (ios) and MASTG-TEST-0062 Testing Key Management (ios) (#3194) * MASTG-TEST-0209 MASTG-TEST-0210 tests will cover MASTG-TEST-0061 in v2 * MASTG-TEST-0213, MASTG-TEST-0214 will cover MASTG-TEST-0062 in v2 * Move testing for passcode to RESILIENCE * Update all CWE IDs on MASWE elements of MASVS-STORAGE-1. (#3145) * Update MASWE-0008: Change title and alias, refine description for device security enforcement * Move testing for passcode to RESILIENCE * remove duplicate test file * fix test ID MASTG-TEST-0242 to MASTG-TEST-0247 * MASTG-DEMO-0026: Update policy reference formatting and clarify passcode evaluation details * fix test ID MASTG-TEST-0243 to MASTG-TEST-0248 * fix test ID MASTG-TEST-0244 to MASTG-TEST-0249 * fix demo ID MASTG-DEMO-0027 * fix demo ID MASTG-DEMO-0028 * fix demo ID MASTG-DEMO-0028 (folder) * fix test ID MASTG-TEST-0064 covered_by order * Enhance demo ID MASTG-DEMO-0026 to log intercepted LAContext.canEvaluatePolicy calls with detailed backtrace * Update output for MASTG-DEMO-0026 * Refine terminology for secure screen lock in demos and tests * Enhance biometric checks in MastgTest to include strong biometric status and improve passcode reporting * Enhance MASTG-DEMO-0027 frida script to log detailed backtrace and biometric authentication status messages * Enhance MASTG-DEMO-0026 frida script to include configurable backtrace logging with a default of 8 lines * Add links to secure screen lock in MASTG-TEST-0247 and MASTG-TEST-0248 * Update output for MASTG-DEMO-0027 * Add AndroidManifest.xml for MASTG-DEMO-0027 with necessary permissions and application configuration * Add AndroidManifest.xml and reversed version for MASTG-DEMO-0028 with necessary permissions and application configuration * Update severity level and patterns for passcode presence rule in YAML configuration * Update output MASTG-DEMO-0028 * 
Update Frida command to target the correct application identifier for MASTG-DEMO-0026 * Update output for MASTG-DEMO-0026 * Fix bug when logging backtrace in MASTG-DEMO-0026 script * Update MASTG-DEMO-0026, MASTG-DEMO-0027 and MASTG-DEMO-0028 content * Update demos/android/MASVS-RESILIENCE/MASTG-DEMO-0027/AndroidManifest.xml * Update demos/android/MASVS-RESILIENCE/MASTG-DEMO-0028/AndroidManifest.xml * Update demos/android/MASVS-RESILIENCE/MASTG-DEMO-0028/AndroidManifest_reversed.xml --------- Co-authored-by: Carlos Holguera <perezholguera@gmail.com> Co-authored-by: Jeroen Beckers <info@dauntless.be> Co-authored-by: Sven <sven@bsddaemon.org> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Datafarm-Research <research@datafarm.co.th> Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be> Co-authored-by: barbieri-mobisec <151826399+barbieri-mobisec@users.noreply.github.com> Co-authored-by: pruDhv! <58649792+sk3l10x1ng@users.noreply.github.com> Co-authored-by: Nuno Antunes <nmsantunes@gmail.com> Co-authored-by: José María Santos <99655739+jmariasantosdekra@users.noreply.github.com> Co-authored-by: Sven Schleier <sven@s7ven.info> Co-authored-by: truerick <53335071+truerick@users.noreply.github.com> Co-authored-by: Riccardo Poffo <131383845+poffo-mobisec@users.noreply.github.com> Co-authored-by: Riccardo Poffo <truerick@hotmail.it> Co-authored-by: Harshul Vaishnav <74126967+harshul-vaishnav@users.noreply.github.com> Co-authored-by: Javier Ruiz <javier.ruiz@outlook.de> Co-authored-by: Javier Ruiz <triomphe3@gmail.com> Co-authored-by: Rick M <kingthorin@users.noreply.github.com> Co-authored-by: titze <dennis.titze@guardsquare.com> Co-authored-by: Uncle Joe <1244005+sydseter@users.noreply.github.com>
A cleanup of all the iOS signing / installing / running in debug mode.
I tried to be pragmatic, focussing on different techniques that work (I tested all of them, it was not a fun day) and also focussing on modern solutions rather than keep holding on to outdated ones.
This fixes #3090