32 Pull requests merged by 12 people

• Fix images paths in Update structure_masvs.sh

  #3071 merged Nov 13, 2024

• Dont depend on system's printf for the r2 scripts

  #3070 merged Nov 12, 2024

• Fix broken link in MASWE-0116.md

  #3068 merged Nov 9, 2024

• Update isExcludedFromBackup.r2

  #3067 merged Nov 8, 2024

• Update isExcludedFromBackup.r2

  #3066 merged Nov 8, 2024

• Update MASTG-DEMO-0019.md

  #3065 merged Nov 8, 2024

• Port MASTG test 0038 (by @guardsquare)

  #3044 merged Nov 7, 2024

• Fix typo MASTG-TOOL-0122 title name

  #3058 merged Nov 7, 2024

• Update MASWE-0002.md

  #3060 merged Nov 7, 2024

• Update MASWE-0116.md

  #3057 merged Nov 7, 2024

• Port MASTG test 0044 (by @guardsquare)

  #3049 merged Nov 7, 2024

• blutter tool added (by @appknox)

  #2881 merged Nov 7, 2024

• Port MASTG-TEST-0001 (by @guardsquare)

  #3040 merged Nov 7, 2024

• Update MASWE-0002.md

  #3050 merged Nov 7, 2024

• Port MASTG-TEST-0013 (by @guardsquare)

  #3033 merged Nov 6, 2024

• Port MASTG-TEST-0081 (by @guardsquare)

  #3034 merged Nov 6, 2024

• Fix quotes

  #3043 merged Nov 6, 2024

• Port MASTG-TEST-0083 (by @guardsquare)

  #3029 merged Nov 6, 2024

• Port mastg test 0020 (by @guardsquare)

  #3027 merged Nov 6, 2024

• Improve Android backup extract commands

  #2920 merged Nov 4, 2024

• Update Style Guide to remove $

  #3025 merged Nov 4, 2024

• fix display of deprecated

  #3022 merged Nov 2, 2024

• fix android mappings

  #2927 merged Nov 2, 2024

• Proof-Reading: HTTP Tookit (by @appknox)

  #2914 merged Oct 30, 2024

• Add MASWE-PRIVACY Weaknesses

  #2860 merged Oct 30, 2024

• Update MASTG-DEMO-0019.md

  #2926 merged Oct 28, 2024

• Refactor r2-based demos for consistency and to add AI decompiled code

  #2925 merged Oct 28, 2024

• Update MASTG-DEMO-0019 (Title)

  #2924 merged Oct 28, 2024

• Update MASTG-DEMO-0008 (Title)

  #2923 merged Oct 28, 2024

• Add Frida replacing xposed to MASTG-TEST-0023

  #2918 merged Oct 25, 2024

• Fix broken links in MASTG-TEST-0028

  #2916 merged Oct 24, 2024

• [MASWE-0004] Sensitive Data Not Excluded From Backup

  #2866 merged Oct 19, 2024

26 Pull requests opened by 8 people

• Sensitive Data Leaked via Screenshots

  #2917 opened Oct 25, 2024

• Add MASWE-0047, MASWE-0048, MASWE-0049, MASWE-0050, MASWE-0051, MASWE-0052

  #2919 opened Oct 26, 2024

• [MASWE-0023] Weak Padding

  #2922 opened Oct 28, 2024

• Port-MASTG-TEST-0017

  #3024 opened Nov 4, 2024

• Mark MASTG-TEST-0016 as covered by v2 (by @guardsquare)

  #3026 opened Nov 4, 2024

• Port MASTG-TEST-0009 (by @guardsquare)

  #3028 opened Nov 4, 2024

• Port MASTG test 0019 (by @guardsquare)

  #3030 opened Nov 4, 2024

• Port MASTG-TEST-0060 (by @guardsquare)

  #3031 opened Nov 5, 2024

• Port mastg test 0022 (by @guardsquare)

  #3035 opened Nov 5, 2024

• Port MASTG-TEST-0015 to v2 (by @guardsquare)

  #3036 opened Nov 5, 2024

• Add MASWE-0043

  #3037 opened Nov 5, 2024

• Port MASTG-TEST-0053 (by @guardsquare)

  #3038 opened Nov 5, 2024

• Port MASTG-TEST-0058 (by @guardsquare)

  #3039 opened Nov 5, 2024

• Port MASTG-TEST-0076 (by @guardsquare)

  #3041 opened Nov 5, 2024

• Port MASTG test 0039 (by @guardsquare)

  #3042 opened Nov 6, 2024

• Port MASTG-TEST-0052 (by @guardsquare)

  #3045 opened Nov 6, 2024

• Port MASTG-TEST-0054 (by @guardsquare)

  #3047 opened Nov 6, 2024

• MASTG-TEST-0080

  #3048 opened Nov 6, 2024

• Port MASTG-TEST-0073 (by @guardsquare)

  #3051 opened Nov 7, 2024

• Added tool Apkleaks (by @appknox)

  #3052 opened Nov 7, 2024

• Port MASTG-TEST-0055 (by @guardsquare)

  #3054 opened Nov 7, 2024

• Port MASTG-TEST-0006 (by @guardsquare)

  #3055 opened Nov 7, 2024

• Port MASTG test 0087 (by @guardsquare)

  #3056 opened Nov 7, 2024

• Port MASTG-TEST-0003 (by @guardsquare)

  #3059 opened Nov 7, 2024

• Port MASTG-TEST-0027

  #3061 opened Nov 7, 2024

• Ports MASTG-TEST-0014 (by @guardsquare)

  #3064 opened Nov 7, 2024

11 Issues closed by 2 people

• MASTG v1->v2 MASTG-TEST-0038: Making Sure that the App is Properly Signed (android)

  #3015 closed Nov 7, 2024

• MASTG v1->v2 MASTG-TEST-0044: Make Sure That Free Security Features Are Activated (android)

  #2998 closed Nov 7, 2024

• [Tool] Add blutter?

  #2619 closed Nov 7, 2024

• MASTG v1->v2 MASTG-TEST-0001: Testing Local Storage for Sensitive Data (android)

  #2940 closed Nov 7, 2024

• MASTG v1->v2 MASTG-TEST-0013: Testing Symmetric Cryptography (android)

  #2946 closed Nov 6, 2024

• MASTG v1->v2 MASTG-TEST-0081: Making Sure that the App Is Properly Signed (ios)

  #3002 closed Nov 6, 2024

• MASTG v1->v2 MASTG-TEST-0083: Testing for Debugging Symbols (ios)

  #3008 closed Nov 6, 2024

• MASTG v1->v2 MASTG-TEST-0020: Testing the TLS Settings (android)

  #2961 closed Nov 6, 2024

• Getting text message's

  #2921 closed Oct 27, 2024

• [Bug] Links about Android App Links Verification not working

  #2915 closed Oct 24, 2024

• [MASWE-0004] Sensitive Data Not Excluded From Backup

  #2542 closed Oct 19, 2024

90 Issues opened by 4 people

• Rewrite all .r2 scripts in the MASTG-DEMO-xxxx folders to use python and r2pipe

  #3069 opened Nov 10, 2024

• Move "Method Hooking" to separate technique

  #3062 opened Nov 7, 2024

• [Bug] unclear test specification for enforced updating

  #3046 opened Nov 6, 2024

• MASTG v2 demos for MASTG-TEST-0013

  #3032 opened Nov 5, 2024

• MASTG v1->v2 MASTG-TEST-0045: Testing Root Detection (android)

  #3021 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0041: Testing for Debugging Code and Verbose Error Logging (android)

  #3020 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0051: Testing Obfuscation (android)

  #3019 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0040: Testing for Debugging Symbols (android)

  #3018 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0050: Testing Runtime Integrity Checks (android)

  #3017 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0049: Testing Emulator Detection (android)

  #3016 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0039: Testing whether the App is Debuggable (android)

  #3014 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0048: Testing Reverse Engineering Tools Detection (android)

  #3013 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0047: Testing File Integrity Checks (android)

  #3012 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0046: Testing Anti-Debugging Detection (android)

  #3011 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0082: Testing whether the App is Debuggable (ios)

  #3010 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0092: Testing Emulator Detection (ios)

  #3009 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0093: Testing Obfuscation (ios)

  #3007 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0088: Testing Jailbreak Detection (ios)

  #3006 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0089: Testing Anti-Debugging Detection (ios)

  #3005 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0084: Testing for Debugging Code and Verbose Error Logging (ios)

  #3004 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0090: Testing File Integrity Checks (ios)

  #3003 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0091: Testing Reverse Engineering Tools Detection (ios)

  #3001 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0034: Testing Object Persistence (android)

  #3000 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0025: Testing for Injection Flaws (android)

  #2999 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0026: Testing Implicit Intents (android)

  #2997 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0043: Memory Corruption Bugs (android)

  #2996 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0002: Testing Local Storage for Input Validation (android)

  #2995 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0036: Testing Enforced Updating (android)

  #2994 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0027: Testing for URL Loading in WebViews (android)

  #2993 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0042: Checking for Weaknesses in Third Party Libraries (android)

  #2992 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0086: Memory Corruption Bugs (ios)

  #2991 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0087: Make Sure That Free Security Features Are Activated (ios)

  #2990 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0079: Testing Object Persistence (ios)

  #2989 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0080: Testing Enforced Updating (ios)

  #2988 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0085: Checking for Weaknesses in Third Party Libraries (ios)

  #2987 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0030: Testing for Vulnerable Implementation of PendingIntent (android)

  #2986 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0024: Testing for App Permissions (android)

  #2985 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0010: Finding Sensitive Information in Auto-Generated Screenshots (android)

  #2984 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0035: Testing for Overlay Attacks (android)

  #2983 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0031: Testing JavaScript Execution in WebViews (android)

  #2982 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0008: Checking for Sensitive Data Disclosure Through the User Interface (android)

  #2981 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0028: Testing Deep Links (android)

  #2980 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0029: Testing for Sensitive Functionality Exposure Through IPC (android)

  #2979 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0032: Testing WebView Protocol Handlers (android)

  #2978 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0033: Testing for Java Objects Exposed Through WebViews (android)

  #2977 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0007: Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms (android)

  #2976 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0037: Testing WebViews Cleanup (android)

  #2975 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0071: Testing UIActivity Sharing (ios)

  #2974 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0075: Testing Custom URL Schemes (ios)

  #2973 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0074: Testing for Sensitive Functionality Exposure Through IPC (ios)

  #2972 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0070: Testing Universal Links (ios)

  #2971 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0059: Testing Auto-Generated Screenshots for Sensitive Information (ios)

  #2970 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0069: Testing App Permissions (ios)

  #2969 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0078: Determining Whether Native Methods Are Exposed Through WebViews (ios)

  #2968 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0077: Testing WebView Protocol Handlers (ios)

  #2967 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0073: Testing UIPasteboard (ios)

  #2966 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0057: Checking for Sensitive Data Disclosed Through the User Interface (ios)

  #2965 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0072: Testing App Extensions (ios)

  #2964 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0056: Determining Whether Sensitive Data Is Exposed via IPC Mechanisms (ios)

  #2963 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0076: Testing iOS WebViews (ios)

  #2962 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0021: Testing Endpoint Identify Verification (android)

  #2960 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0019: Testing Data Encryption on the Network (android)

  #2959 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0022: Testing Custom Certificate Stores and Certificate Pinning (android)

  #2958 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0023: Testing the Security Provider (android)

  #2957 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0065: Testing Data Encryption on the Network (ios)

  #2956 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0068: Testing Custom Certificate Stores and Certificate Pinning (ios)

  #2955 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0067: Testing Endpoint Identity Verification (ios)

  #2954 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0066: Testing the TLS Settings (ios)

  #2953 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0018: Testing Biometric Authentication (android)

  #2952 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0017: Testing Confirm Credentials (android)

  #2951 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0064: Testing Local Authentication (ios)

  #2950 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0014: Testing the Configuration of Cryptographic Standard Algorithms (android)

  #2949 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0015: Testing the Purposes of Keys (android)

  #2948 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0016: Testing Random Number Generation (android)

  #2947 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0061: Verifying the Configuration of Cryptographic Standard Algorithms (ios)

  #2945 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0063: Testing Random Number Generation (ios)

  #2944 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0062: Testing Key Management (ios)

  #2943 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0004: Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services (android)

  #2942 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0011: Testing Memory for Sensitive Data (android)

  #2941 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0005: Determining Whether Sensitive Data Is Shared with Third Parties via Notifications (android)

  #2939 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0009: Testing Backups for Sensitive Data (android)

  #2938 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0012: Testing the Device-Access-Security Policy (android)

  #2937 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0006: Determining Whether the Keyboard Cache Is Disabled for Text Input Fields (android)

  #2936 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0003: Testing Logs for Sensitive Data (android)

  #2935 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0055: Finding Sensitive Data in the Keyboard Cache (ios)

  #2934 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0060: Testing Memory for Sensitive Data (ios)

  #2933 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0054: Determining Whether Sensitive Data Is Shared with Third Parties (ios)

  #2932 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0058: Testing Backups for Sensitive Data (ios)

  #2931 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0053: Checking Logs for Sensitive Data (ios)

  #2930 opened Nov 2, 2024

• MASTG v1->v2 MASTG-TEST-0052: Testing Local Data Storage (ios)

  #2929 opened Nov 2, 2024

16 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Reverse Engineer Flutter Technique

  #2913 commented on Oct 24, 2024 • 9 new comments

• [MASWE-0020] Weak Encryption (by @appknox)

  #2910 commented on Nov 5, 2024 • 8 new comments

• MASWE-0076 - Dependencies with Known Vulnerabilities (SBOM)

  #2912 commented on Nov 10, 2024 • 4 new comments

• [MASWE-0055] New MASWE Weakness

  #2695 commented on Oct 25, 2024 • 0 new comments

• [TOOL] Add APKleaks & Deprecate APKEnum

  #2818 commented on Oct 26, 2024 • 0 new comments

• [Tool] Add blint for SBOM

  #2613 commented on Oct 27, 2024 • 0 new comments

• [MASWE-0103] New MASWE Weakness

  #2773 commented on Nov 1, 2024 • 0 new comments

• [Tool] medusa

  #2091 commented on Nov 5, 2024 • 0 new comments

• [MASWE-0047] New MASWE Weakness

  #2686 commented on Nov 6, 2024 • 0 new comments

• [MASWE-0049] New MASWE Weakness

  #2689 commented on Nov 6, 2024 • 0 new comments

• [MASWE-0050] New MASWE Weakness

  #2690 commented on Nov 6, 2024 • 0 new comments

• [MASWE-0051] New MASWE Weakness

  #2691 commented on Nov 6, 2024 • 0 new comments

• [MASWE-0052] New MASWE Weakness

  #2692 commented on Nov 6, 2024 • 0 new comments

• [MASWE-0048] New MASWE Weakness

  #2688 commented on Nov 6, 2024 • 0 new comments

• Add Passkeys

  #2283 commented on Nov 6, 2024 • 0 new comments

• updated patching IPAs

  #2907 commented on Nov 5, 2024 • 0 new comments