Spellcheck on 0x04 and 0x05 #1151

Merged
merged 5 commits into from
Mar 7, 2019

@TheDauntless TheDauntless commented Mar 6, 2019

Thank you for submitting a Pull Request to the Mobile Security Testing Guide. Please make sure that:

  • Your contribution is written in the 2nd person (e.g. you)
  • Your contribution is written in an active present form for as much as possible.
  • You have made sure that the reference section is up to date (e.g. please add sources you have used, make sure that the references to MITRE/MASVS/etc. are up to date)
  • Your contribution has properly formatted markdown and/or code
  • Any references to websites have been formatted as [TEXT](URL “NAME”)
  • You verified/tested the effectiveness of your contribution (e.g.: is the code really an effective remediation? Please verify it works!)

Typos, UK English and inconsistencies. I used Wikipedia as the reference for technical terms, or the author's own website (e.g. smali and Frida)

Already consistent:

  • smali
  • Internet
  • Dalvik
  • KeyStore
  • Frida
  • Burp (not Burp Suite or any variant)
  • Base32
  • Base64
  • Wi-Fi

Stuff I've not touched, can use input:

  • apk / APK ?
  • Lifecycle / Life Cycle ?

commjoen commented Mar 6, 2019

let's do APK as it is an abbreviation for Android Package

commjoen commented Mar 6, 2019

I am afraid we should say life cycle as that is what the majority is doing, although late literature (30 years) has started to introduce lifecycle as well.

@commjoen commjoen left a comment

I agree on most of your changes, just some minor comments and final inputs! Keep it coming and we can have a great quality update 👍 !

In the Android SDK, a new key pair is generated with the `keytool` command. The following command creates a RSA key pair with a key length of 2048 bits and an expiry time of 7300 days = 20 years. The generated key pair is stored in the file 'myKeyStore.jks', which is in the current directory):
```shell
$ keytool -genkey -alias myDomain -keyalg RSA -keysize 2048 -validity 7300 -keystore myKeyStore.jks -storepass myStrongPassword
```

Safely storing your secret key and making sure it remains secret during its entire lifecycle is of paramount importance. Anyone who gains access to the key will be able to publish updates to your apps with content that you don't control (thereby adding insecure features or accessing shared content with signature-based permissions). The trust that a user places in an app and its developers is based totally on such certificates; certificate protection and secure management are therefore vital for reputation and customer retention, and secret keys must never be shared with other individuals. Keys are stored in a binary file that can be protected with a password; such files are referred to as 'keystores'. Keystore passwords should be strong and known only to the key creator. For this reason, keys are usually stored on a dedicated build machine that developers have limited access to.
Safely storing your secret key and making sure it remains secret during its entire lifecycle is of paramount importance. Anyone who gains access to the key will be able to publish updates to your apps with content that you don't control (thereby adding insecure features or accessing shared content with signature-based permissions). The trust that a user places in an app and its developers is based totally on such certificates; certificate protection and secure management are therefore vital for reputation and customer retention, and secret keys must never be shared with other individuals. Keys are stored in a binary file that can be protected with a password; such files are referred to as 'KeyStores'. KeyStore passwords should be strong and known only to the key creator. For this reason, keys are usually stored on a dedicated build machine that developers have limited access to.
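
Review bot: In the changed line, 'keystores' becomes 'KeyStores' and 'Keystore passwords' becomes 'KeyStore passwords', but the sentence describes the password-protected key file in general rather than the `KeyStore` class, so the lower-case 'keystores' and 'Keystore passwords' fit better here and the capitalised form is best kept for the class name. The same line still reads 'lifecycle' although the thread settled on 'life cycle'. In the unchanged context above it, 'a RSA key pair' should be 'an RSA key pair', the sentence ends with an unmatched ')', and the sample command passes the password with `-storepass` on the command line, where it is recorded in shell history; leaving the option off lets keytool prompt for it instead.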

do we keep on having the capital in case of plural?

@TheDauntless

Turns out there were fewer "apk"s than I thought (apart from legitimate ones in tool names or extensions).

commjoen commented Mar 7, 2019

Thanks!

@commjoen commjoen merged commit 5b4504a into OWASP:master Mar 7, 2019