https://github.com/OWASP/owasp-mstg/releases/download/1.1.3-excel/MSTG-EN.pdf
- Mobile App Authentication Architectures
- Testing Network Communication
- Cryptography for Mobile Apps
- Testing Code Quality
- Tampering and Reverse Engineering
- Testing User Interaction
- Android Platform Overview
- Android Basic Security Testing
- Data Storage on Android
- Android Cryptographic APIs
- Local Authentication on Android
- Android Network APIs
- Android Platform APIs
- Code Quality and Build Settings for Android Apps
- Tampering and Reverse Engineering on Android #TODO
- Android Anti-Reversing Defenses #TODO
- #TODO
$ adb install MSTG-Hacking-Playground/Android/MSTG-Android-Java-App/app/app-x86-debug.apk
hints can be found here
https://github.com/OWASP/MSTG-Hacking-Playground/wiki/Android-App
https://github.com/bwinsight/mobile-omtg
- OMTG-DATAST-001-BADENCRYPTION
- OMTG-DATAST-001-KEYCHAIN
- OMTG-DATAST-001-KEYSTORE
- OMTG-DATAST-001-INTERNALSTORAGE
- OMTG-DATAST-001-EXTERNALSTORAGE
- OMTG-DATAST-001-SHAREDPREFERENCES
- OMTG-DATAST-001-SQLITE
- OMTG-DATAST-001-SQLITE-ENCRYPTED
- OMTG-DATAST-002-LOGGING
- OMTG-DATAST-005-KEYBOARD-CACHE
- OMTG-DATAST-006-CLIPBOARD
- OMTG-DATAST-011-MEMORY
- OMTG-ENV-005-WEBVIEW-REMOTE
- OMTG-ENV-005-WEBVIEW-LOCAL
- OMTG-CODING-003-BEST-PRACTICE
- OMTG-CODING-003-SQL-INJECTION
- OMTG-CODING-003-SQL-INJECTION-CONTENT-PROVIDER
- OMTG-CODING-004-CODE-INJECTION #FIXME
- OMTG-NETW-001-SECURE-CHANNEL
- OMTG-NETW-004-SSL-PINNING
- OMTG-NETW-004-SSL-PINNING-CERTIFICATE #TODO
https://github.com/OWASP/owasp-mstg/tree/master/Crackmes