├── Document ├── 0x01-Foreword.md ├── 0x02a-Frontispiece.md ├── 0x02b-MASVS-MASTG-Adoption.md ├── 0x02c-Acknowledgements.md ├── 0x03-Overview.md ├── 0x04a-Mobile-App-Taxonomy.md ├── 0x04b-Mobile-App-Security-Testing.md ├── 0x04c-Tampering-and-Reverse-Engineering.md ├── 0x04e-Testing-Authentication-and-Session-Management.md ├── 0x04f-Testing-Network-Communication.md ├── 0x04g-Testing-Cryptography.md ├── 0x04h-Testing-Code-Quality.md ├── 0x04i-Testing-User-Privacy-Protection.md ├── 0x05a-Platform-Overview.md ├── 0x05b-Basic-Security_Testing.md ├── 0x05c-Reverse-Engineering-and-Tampering.md ├── 0x05d-Testing-Data-Storage.md ├── 0x05e-Testing-Cryptography.md ├── 0x05f-Testing-Local-Authentication.md ├── 0x05g-Testing-Network-Communication.md ├── 0x05h-Testing-Platform-Interaction.md ├── 0x05i-Testing-Code-Quality-and-Build-Settings.md ├── 0x05j-Testing-Resiliency-Against-Reverse-Engineering.md ├── 0x06a-Platform-Overview.md ├── 0x06b-Basic-Security-Testing.md ├── 0x06c-Reverse-Engineering-and-Tampering.md ├── 0x06d-Testing-Data-Storage.md ├── 0x06e-Testing-Cryptography.md ├── 0x06f-Testing-Local-Authentication.md ├── 0x06g-Testing-Network-Communication.md ├── 0x06h-Testing-Platform-Interaction.md ├── 0x06i-Testing-Code-Quality-and-Build-Settings.md ├── 0x06j-Testing-Resiliency-Against-Reverse-Engineering.md ├── 0x08a-Testing-Tools.md ├── 0x08b-Reference-Apps.md ├── 0x09-Suggested-Reading.md ├── CHANGELOG.md ├── Images │ ├── CC-license.png │ ├── Chapters │ │ ├── 0x03 │ │ │ └── owasp-mobile-overview.png │ │ ├── 0x04 │ │ │ └── frida.png │ │ ├── 0x04b │ │ │ ├── DevSecOpsProcess.JPG │ │ │ ├── ExampleOfADevSecOpsProcess.jpg │ │ │ └── SDLCOverview.jpg │ │ ├── 0x04c │ │ │ ├── Ghidra_elf_import.png │ │ │ ├── Ghidra_function_graph.png │ │ │ ├── Ghidra_import_binary.png │ │ │ ├── Ghidra_main_window.png │ │ │ ├── Ghidra_new_project.png │ │ │ └── Ghidra_string_window.png │ │ ├── 0x04e │ │ │ ├── BurpIntruderInputList.gif │ │ │ ├── BurpIntruderInputList.png │ │ │ ├── BurpIntruderSuccessfulAttack.png │ │ │ ├── abstract_oath2_flow.png │ │ │ └── zxcvbn.png │ │ ├── 0x04f │ │ │ ├── BURP.png │ │ │ ├── architecture_MITM_AP.png │ │ │ ├── bettercap.png │ │ │ └── burp_xamarin.png │ │ ├── 0x04i │ │ │ └── masa_framework.png │ │ ├── 0x05a │ │ │ ├── Selection_003.png │ │ │ ├── android_software_stack.png │ │ │ ├── apk-validation-process-v3-scheme.png │ │ │ ├── apk-validation-process.png │ │ │ ├── binder.jpg │ │ │ ├── java2oat.png │ │ │ └── java_vs_dalvik.png │ │ ├── 0x05b │ │ │ ├── Android_Wireshark.png │ │ │ ├── FCM-notifications-overview.png │ │ │ ├── FCM-notifications-overview.svg │ │ │ ├── FCM_Intercept.png │ │ │ ├── android-advanced-options.png │ │ │ ├── android-cert-install.png │ │ │ ├── android-confirm.png │ │ │ ├── android-downloads-app.png │ │ │ ├── android-modify-network.png │ │ │ ├── android-proxy-hostname-port.png │ │ │ ├── android-proxy-manual.png │ │ │ ├── android-settings.png │ │ │ ├── android-studio-file-device-explorer.png │ │ │ ├── android-wifi-on.png │ │ │ ├── android-wifi-settings.png │ │ │ ├── android_ssl_pinning_bypass.png │ │ │ ├── burp-add-proxy.png │ │ │ ├── burp-bind-port-and-address.png │ │ │ ├── burp-ca-certificate.png │ │ │ ├── burp-https-intercepted.png │ │ │ ├── burp-intercepted-request.png │ │ │ ├── burp-running-proxy.png │ │ │ ├── emulator-proxy.jpg │ │ │ ├── emulator-proxy.png │ │ │ ├── log_output_Android_Studio.png │ │ │ ├── mail-cert-download.png │ │ │ ├── mobsf_android.png │ │ │ ├── mstg-network.png │ │ │ ├── r2_graphmode.png │ │ │ ├── r2_pd_10.png │ │ │ ├── r2_visualmode_disass.png │ │ │ ├── r2_visualmode_hex.png │ │ │ ├── server.png │ │ │ ├── sftp-with-filezilla.png │ │ │ ├── string.png │ │ │ └── tcpdump_and_wireshard_on_android.png │ │ ├── 0x05c │ │ │ ├── Choose_Process.png │ │ │ ├── Force_Step_Into.png │ │ │ ├── Ghidra_decompiled_function.png │ │ │ ├── IDA_open_file.jpg │ │ │ ├── JNI_interface.png │ │ │ ├── MainActivity_verify.png │ │ │ ├── anti_debug_anti_tamper_defeated.png │ │ │ ├── archs.jpg │ │ │ ├── check_input.jpg │ │ │ ├── crackme-1.jpg │ │ │ ├── crackme-1.png │ │ │ ├── crackme-2.jpg │ │ │ ├── crackme-frida-1.png │ │ │ ├── custom_kernel.jpg │ │ │ ├── debugger_detection.jpg │ │ │ ├── debugger_detection.png │ │ │ ├── delete_package.jpg │ │ │ ├── developer-options.jpg │ │ │ ├── developer-options.png │ │ │ ├── disass_main_1874.png │ │ │ ├── drag_code.jpg │ │ │ ├── file_exists_false.png │ │ │ ├── final_structure.jpg │ │ │ ├── frida_trace_native_functions.png │ │ │ ├── fucntion_a_of_class_sg_vantagepoint_a.png │ │ │ ├── ghidra_dex_strings.png │ │ │ ├── graph_1874.png │ │ │ ├── graph_ifelse_1760.png │ │ │ ├── helloworld.jpg │ │ │ ├── helloworld.png │ │ │ ├── helloworld_stringfromjni.jpg │ │ │ ├── intellij_new_project.jpg │ │ │ ├── jni_tracing_helloworldjni.png │ │ │ ├── loop_1784.png │ │ │ ├── method_breakpoint.jpg │ │ │ ├── modified_binary_name.png │ │ │ ├── patching-sslpinning.jpg │ │ │ ├── pseudocode_1760.png │ │ │ ├── refactored.jpg │ │ │ ├── sdk_manager.jpg │ │ │ ├── secret_code.png │ │ │ ├── set_breakpoint_and_attach_debugger.png │ │ │ ├── set_value.png │ │ │ ├── sg_vantagepoint_uncrackable1_a_function_a.png │ │ │ ├── step_out.png │ │ │ ├── step_over.png │ │ │ ├── success.png │ │ │ ├── syscall_hooking.jpg │ │ │ ├── values_compare_17dc.png │ │ │ ├── variables.png │ │ │ └── waitfordebugger.png │ │ ├── 0x05d │ │ │ ├── 1.png │ │ │ ├── 2.png │ │ │ ├── 3.png │ │ │ ├── Android9_secure_key_import_to_keystore.jpg │ │ │ ├── Android9_secure_key_import_to_keystore.png │ │ │ ├── Dump_Java_Heap.png │ │ │ ├── FirebaseScannerImage.png │ │ │ └── Package_Tree_View.png │ │ ├── 0x05f │ │ │ └── biometricprompt-architecture.png │ │ ├── 0x05h │ │ │ ├── MobSF_Show_Components.png │ │ │ └── app-disambiguation.png │ │ ├── 0x05j │ │ │ └── proguard.jpg │ │ ├── 0x06a │ │ │ ├── code_signing.png │ │ │ ├── iOS_Folder_Structure.png │ │ │ ├── iOS_Security_Architecture.png │ │ │ └── iOS_project_folder.png │ │ ├── 0x06b │ │ │ ├── HopperDecompile.png │ │ │ ├── HopperDisassembling.png │ │ │ ├── Passionfruit.png │ │ │ ├── Passionfruit_Keychain.png │ │ │ ├── Passionfruit_files.png │ │ │ ├── cydia.png │ │ │ ├── device_console.png │ │ │ ├── finder_ipad_view.png │ │ │ ├── finder_unveil_udid.png │ │ │ ├── fridaStockiOS.png │ │ │ ├── install_agent_1.jpg │ │ │ ├── install_agent_2.jpg │ │ │ ├── install_needle_agent.jpg │ │ │ ├── install_needle_agent.png │ │ │ ├── ios_ssl_pinning_bypass.png │ │ │ ├── mobsf_ios.png │ │ │ ├── needle_agent.jpg │ │ │ ├── needle_agent.png │ │ │ ├── open_device_console.png │ │ │ ├── passionfruit_bundle_dir.png │ │ │ ├── passionfruit_classes.png │ │ │ ├── passionfruit_classes_detail.png │ │ │ ├── passionfruit_console_logs.png │ │ │ ├── passionfruit_data_dir.png │ │ │ ├── passionfruit_db_view.png │ │ │ ├── passionfruit_file_download.png │ │ │ ├── passionfruit_installed_apps.png │ │ │ ├── passionfruit_modules.png │ │ │ ├── passionfruit_modules_detail.png │ │ │ ├── passionfruit_plist_view.png │ │ │ ├── passionfruit_userdefaults.png │ │ │ ├── setBurpProxy.png │ │ │ ├── setProxyiDevice.png │ │ │ └── wireshark_filters.png │ │ ├── 0x06c │ │ │ ├── Cycript_Jailbreak.png │ │ │ ├── Cycript_Jailbreak_Passed.png │ │ │ ├── Cycript_bypass_Jailbreak.png │ │ │ ├── cycript_sample.png │ │ │ ├── debugging_ghidra_breakpoint.png │ │ │ ├── debugging_ghidra_image_base_address.png │ │ │ ├── debugging_lldb_breakpoint_solution.png │ │ │ ├── debugging_lldb_image_list.png │ │ │ ├── frida-xcode-log.png │ │ │ ├── ida_macho_import.png │ │ │ ├── ida_main_window.png │ │ │ ├── manual_reversing_app_home_screen.png │ │ │ ├── manual_reversing_app_home_screen2.png │ │ │ ├── manual_reversing_app_wrong_input.png │ │ │ ├── manual_reversing_ghidra_buttonclick_decompiled.png │ │ │ ├── manual_reversing_ghidra_function_graph.png │ │ │ ├── manual_reversing_ghidra_native_disassembly.png │ │ │ ├── manual_reversing_ghidra_objc_runtime_strings.png │ │ │ ├── manual_reversing_ghidra_strings.png │ │ │ ├── manual_reversing_ghidra_symbol_tree.png │ │ │ ├── manual_reversing_ghidra_viewdidload_decompile.png │ │ │ └── uncrackable_sections.png │ │ ├── 0x06d │ │ │ ├── bither_demo_enable_pin.png │ │ │ ├── bither_demo_imazing_1.png │ │ │ ├── bither_demo_pin_screen.png │ │ │ ├── bither_demo_plist.png │ │ │ └── key_hierarchy_apple.jpg │ │ ├── 0x06g │ │ │ └── manual-server-trust-evaluation.png │ │ ├── 0x06h │ │ │ ├── URL_scheme.png │ │ │ ├── airdrop_openwith.png │ │ │ ├── allowed_universal_link.png │ │ │ ├── app_extensions_communication.png │ │ │ ├── app_extensions_container_restrictions.png │ │ │ ├── apple-app-site-association-file_validation.png │ │ │ ├── exploit_javascript_bridge.png │ │ │ ├── forbidden_universal_link.png │ │ │ ├── iGoat_opened_via_url_scheme.jpg │ │ │ ├── open_in_telegram_via_universallink.png │ │ │ ├── open_in_telegram_via_urlscheme.png │ │ │ ├── permission_request_alert.png │ │ │ ├── purpose_strings_xcode.png │ │ │ ├── settings_allow_screen.png │ │ │ ├── sfsafariviewcontroller.png │ │ │ ├── share_activity_sheet.png │ │ │ ├── telegram_add_stickers_universal_link.png │ │ │ ├── telegram_share_extension.png │ │ │ ├── telegram_share_something.png │ │ │ └── xcode_embed_app_extensions.png │ │ ├── 0x06j │ │ │ ├── Android9_secure_key_import_to_keystore.jpg │ │ │ ├── control-flow-flattening.png │ │ │ ├── deviceISjailbroken.png │ │ │ ├── deviceisNOTjailbroken.png │ │ │ ├── no_obfuscation.jpg │ │ │ ├── no_obfuscation.png │ │ │ ├── ptraceDisassembly.png │ │ │ ├── ptracePatched.png │ │ │ ├── swiftshield_obfuscated.jpg │ │ │ ├── swiftshield_obfuscated.png │ │ │ ├── sysctlOriginal.png │ │ │ └── sysctlPatched.png │ │ ├── 0x07b │ │ │ ├── blackbox-resiliency-testing.png │ │ │ ├── boxplot.png │ │ │ └── multiprocess-fork-ptrace.png │ │ ├── 0x07c │ │ │ ├── ECB.png │ │ │ └── EncryptionMode.png │ │ ├── 0x08a │ │ │ └── jadx_copy_frida_snippet.png │ │ ├── 0x5e │ │ │ ├── EncryptionMode.png │ │ │ └── static_encryption_key.png │ │ └── 0x6f │ │ │ ├── biometric_auth_try_again.jpg │ │ │ └── boimetric_auth.jpg │ ├── Donators │ │ └── donators.png │ ├── GitHub_logo.png │ ├── ISBN.png │ ├── OWASP_logo-bw.png │ ├── OWASP_logo_white.png │ ├── Other │ │ ├── GitHub_logo.png │ │ ├── android-logo.png │ │ ├── bsi-logo.png │ │ ├── crest_logo.jpg │ │ ├── ioxt-logo.png │ │ ├── nist-logo.png │ │ ├── nowsecure-logo.png │ │ ├── trusted-by-logos.png │ │ └── uncrackable-logo.png │ ├── checklist_en_filled.png │ ├── license.jpg │ ├── logo_circle.png │ ├── masvs_cover.png │ ├── masvs_refactor.png │ ├── mstg-cover-release-small.jpg │ ├── mstg_cover.png │ ├── open_website.png │ ├── owasp_mas_header.png │ ├── slack_logo.png │ ├── summit-team.jpg │ ├── summit_preview.jpg │ ├── titlepage-small.jpg │ └── twitter_logo.png ├── LANGUAGE-METADATA ├── SUMMARY.md ├── metadata.md └── metadata.yml └── README.md /Document/0x01-Foreword.md: -------------------------------------------------------------------------------- 1 | # Foreword 2 | 3 | Welcome to the OWASP Mobile Application Security Testing Guide. Feel free to explore the existing content, but do note that it may change at any time. New APIs and best practices are introduced in iOS and Android with every major (and minor) release and also vulnerabilities are found every day. 4 | 5 | If you have feedback or suggestions, or want to contribute, create an issue on GitHub or ping us on Slack. See the README for instructions: 6 | 7 | 8 | 9 | **squirrel (noun plural): Any arboreal sciurine rodent of the genus Sciurus, such as S. vulgaris (red squirrel) or S. carolinensis (grey squirrel), having a bushy tail and feeding on nuts, seeds, etc.** 10 | 11 | On a beautiful summer day, a group of ~7 young men, a woman, and approximately three squirrels met in a Woburn Forest villa during the OWASP Security Summit 2017. So far, nothing unusual. But little did you know, within the next five days, they would redefine not only mobile application security, but the very fundamentals of book writing itself (ironically, the event took place near Bletchley Park, once the residence and work place of the great Alan Turing). 12 | 13 | Or maybe that's going too far. But at least, they produced a proof-of-concept for an unusual security book. The Mobile Application Security Testing Guide (MASTG) is an open, agile, crowd-sourced effort, made of the contributions of dozens of authors and reviewers from all over the world. 14 | 15 | Because this isn't a normal security book, the introduction doesn't list impressive facts and data proving importance of mobile devices in this day and age. It also doesn't explain how mobile application security is broken, and why a book like this was sorely needed, and the authors don't thank their beloved ones without whom the book wouldn't have been possible. 16 | 17 | We do have a message to our readers however! The first rule of the OWASP Mobile Application Security Testing Guide is: Don't just follow the OWASP Mobile Application Security Testing Guide. True excellence at mobile application security requires a deep understanding of mobile operating systems, coding, network security, cryptography, and a whole lot of other things, many of which we can only touch on briefly in this book. Don't stop at security testing. Write your own apps, compile your own kernels, dissect mobile malware, learn how things tick. And as you keep learning new things, consider contributing to the MASTG yourself! Or, as they say: "Do a pull request". 18 | 19 | 20 | -------------------------------------------------------------------------------- /Document/0x02a-Frontispiece.md: -------------------------------------------------------------------------------- 1 | # Frontispiece 2 | 3 | 4 | 5 | ## About the OWASP MASTG 6 | 7 | The [OWASP Mobile Application Security Testing Guide (MASTG)](https://mas.owasp.org/MASTG/), which is part of the [OWASP Mobile Application Security (MAS)](https://mas.owasp.org/) flagship project, is a comprehensive manual covering the processes, techniques, and tools used during mobile application security analysis, as well as an exhaustive set of test cases for verifying the requirements listed in the [OWASP Mobile Application Security Verification Standard (MASVS)](https://mas.owasp.org/MASVS/), providing a baseline for complete and consistent security tests. 8 | 9 | The OWASP MASVS and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions. [Learn more](0x02b-MASVS-MASTG-Adoption.md). 10 | 11 | 12 | 13 | 14 | 15 | ## Authors 16 | 17 | ### Bernhard Mueller 18 | 19 | Bernhard is a cyber security specialist with a talent for hacking systems of all kinds. During more than a decade in the industry, he has published many zero-day exploits for software such as MS SQL Server, Adobe Flash Player, IBM Director, Cisco VOIP, and ModSecurity. If you can name it, he has probably broken it at least once. BlackHat USA commended his pioneering work in mobile security with a Pwnie Award for Best Research. 20 | 21 | ### Sven Schleier 22 | 23 | Sven is an experienced web and mobile penetration tester and assessed everything from historic Flash applications to progressive mobile apps. He is also a security engineer that supported many projects end-to-end during the SDLC to "build security in". He was speaking at local and international meetups and conferences and is conducting hands-on workshops about web application and mobile app security. 24 | 25 | ### Jeroen Willemsen 26 | 27 | Jeroen is a principal security architect with a passion for mobile security and risk management. He has supported companies as a security coach, a security engineer and as a full-stack developer, which makes him a jack of all trades. He loves explaining technical subjects: from security issues to programming challenges. 28 | 29 | ### Carlos Holguera 30 | 31 | Carlos is a mobile security research engineer who has gained many years of hands-on experience in the field of security testing for mobile apps and embedded systems such as automotive control units and IoT devices. He is passionate about reverse engineering and dynamic instrumentation of mobile apps and is continuously learning and sharing his knowledge. 32 | 33 | ## Co-Authors 34 | 35 | Co-authors have consistently contributed quality content and have at least 2,000 additions logged in the GitHub repository. 36 | 37 | ### Romuald Szkudlarek 38 | 39 | Romuald is a passionate cyber security & privacy professional with over 15 years of experience in the web, mobile, IoT and cloud domains. During his career, he has been dedicating his spare time to a variety of projects with the goal of advancing the sectors of software and security. He is teaching regularly at various institutions. He holds CISSP, CCSP, CSSLP, and CEH credentials. 40 | 41 | ### Jeroen Beckers 42 | 43 | Jeroen is a mobile security lead responsible for quality assurance on mobile security projects and for R&D on all things mobile. Although he started his career as a programmer, he found that it was more fun to take things apart than to put things together, and the switch to security was quickly made. Ever since his master's thesis on Android security, Jeroen has been interested in mobile devices and their (in)security. He loves sharing his knowledge with other people, as is demonstrated by his many talks & trainings at colleges, universities, clients and conferences. 44 | 45 | ### Vikas Gupta 46 | 47 | Vikas is an experienced cyber security researcher, with expertise in mobile security. In his career he has worked to secure applications for various industries including fintech, banks and governments. He enjoys reverse engineering, especially obfuscated native code and cryptography. He holds masters in security and mobile computing, and an OSCP certification. He is always open to share his knowledge and exchange ideas. 48 | 49 | ## Older Versions 50 | 51 | The Mobile Security Testing Guide was initiated by Milan Singh Thakur in 2015. The original document was hosted on Google Drive. Guide development was moved to GitHub in October 2016. 52 | 53 | ### OWASP MSTG "Beta 2" (Google Doc) 54 | 55 | | Authors | Reviewers | Top Contributors | 56 | | --- | --- | --- | 57 | | Milan Singh Thakur, Abhinav Sejpal, Blessen Thomas, Dennis Titze, Davide Cioccia, Pragati Singh, Mohammad Hamed Dadpour, David Fern, Ali Yazdani, Mirza Ali, Rahil Parikh, Anant Shrivastava, Stephen Corbiaux, Ryan Dewhurst, Anto Joseph, Bao Lee, Shiv Patel, Nutan Kumar Panda, Julian Schütte, Stephanie Vanroelen, Bernard Wagner, Gerhard Wagner, Javier Dominguez | Andrew Muller, Jonathan Carter, Stephanie Vanroelen, Milan Singh Thakur | Jim Manico, Paco Hope, Pragati Singh, Yair Amit, Amin Lalji, OWASP Mobile Team| 58 | 59 | ### OWASP MSTG "Beta 1" (Google Doc) 60 | 61 | | Authors | Reviewers | Top Contributors | 62 | | --- | --- | --- | 63 | | Milan Singh Thakur, Abhinav Sejpal, Pragati Singh, Mohammad Hamed Dadpour, David Fern, Mirza Ali, Rahil Parikh | Andrew Muller, Jonathan Carter | Jim Manico, Paco Hope, Yair Amit, Amin Lalji, OWASP Mobile Team | 64 | 65 | 66 | 67 | ## Changelog 68 | 69 | All our Changelogs are available online at the OWASP MASTG GitHub repository, see the Releases page: 70 | 71 | 72 | 73 | ## Disclaimer 74 | 75 | Please consult the laws in your country before executing any tests against mobile apps by utilizing the MASTG materials. Refrain from violating the laws with anything described in the MASTG. 76 | 77 | Our [Code of Conduct] has further details: 78 | 79 | OWASP thanks the many authors, reviewers, and editors for their hard work in developing this guide. If you have any comments or suggestions, please connect with us: 80 | 81 | If you find any inconsistencies or typos please open an issue in the OWASP MASTG Github Repo: 82 | 83 | ## Copyright and License 84 | 85 | Copyright © The OWASP Foundation. This work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-sa/4.0/ "Creative Commons Attribution-ShareAlike 4.0 International License"). For any reuse or distribution, you must make clear to others the license terms of this work. 86 | 87 | 88 | -------------------------------------------------------------------------------- /Document/0x02b-MASVS-MASTG-Adoption.md: -------------------------------------------------------------------------------- 1 | # OWASP MASVS and MASTG Adoption 2 | 3 | The OWASP MASVS and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions. 4 | 5 | ## Mobile Platform Providers 6 | 7 | ### Google Android 8 | 9 | 10 | 11 | Since 2021 Google has shown their support for the OWASP Mobile Security project (MASTG/MASVS) and has started providing continuous and high value feedback to the MASVS refactoring process via the [App Defense Alliance (ADA)](https://appdefensealliance.dev/) and its [MASA (Mobile Application Security Assessment) program](https://appdefensealliance.dev/masa). 12 | 13 | With MASA, Google has acknowledged the importance of leveraging a globally recognized standard for mobile app security to the mobile app ecosystem. Developers can work directly with an Authorized Lab partner to initiate a security assessment. Google will recognize developers who have had their applications independently validated against a set of MASVS Level 1 requirements and will showcase this on their Data safety section. 14 | 15 | We thank Google, the ADA and all its members for their support and for their excellent work on protecting the mobile app ecosystem. 16 | 17 | ## Certification Institutions 18 | 19 | ### CREST 20 | 21 | 22 | 23 | CREST is an international not-for-profit, membership body who quality assures its members and delivers professional certifications to the cyber security industry. CREST works with governments, regulators, academe, training partners, professional bodies and other stakeholders around the world. 24 | 25 | In August 2022, CREST launched the OWASP Verification Standard (OVS) Programme. CREST OVS sets new standards for application security. Underpinned by OWASP's Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS), CREST is leveraging the open-source community to build and maintain global standards to deliver a global web and mobile application security framework. This will provide assurance to the buying community that developers using CREST OVS accredited providers, always know that they are engaged with ethical and capable organisations with skilled and competent security testers by leveraging the OWASP ASVS and MASVS standards. 26 | 27 | - [CREST OVS Programme](https://www.crest-approved.org/membership/crest-ovs-programme/) 28 | - [CREST OVS Accreditation Process](https://www.crest-approved.org/membership/crest-ovs-programme/ovs-programme-accreditation-process/) 29 | - [CREST OVS Introductory Video](https://www.youtube.com/watch?v=th1l6-e4hcg) 30 | 31 | We thank CREST for their consulation regarding the OVS programme and its support to the open-source community to build and maintain global cyber security standards. 32 | 33 | ## Standardization Institutions 34 | 35 | ### NIST (National Institute of Standards and Technology, United States) 36 | 37 | 38 | 39 | The [National Institute of Standards and Technology (NIST)](https://www.nist.gov/about-nist) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time — a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany and other economic rivals. 40 | 41 | - [NIST.SP.800-163 "Vetting the Security of Mobile Applications" Revision 1, 2019](https://csrc.nist.gov/news/2019/nist-publishes-sp-800-163-rev-1 "National Institute of Standards and Technology") 42 | - [NIST.SP.800-218 "Secure Software Development Framework (SSDF) v1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities" v1.1, 2022](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218.pdf) 43 | 44 | ### BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany) 45 | 46 | 47 | 48 | BSI stands for "Federal Office for Information Security", it has the goal to promote IT security in Germany and is the central IT security service provider for the federal government. 49 | 50 | - [Technical Guideline BSI TR-03161 Security requirements for eHealth applications v1.0, 2020](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03161/TR-03161.pdf) 51 | - [Prüfvorschrift für den Produktgutachter des „ePA-Frontend des Versicherten“ und des „E-Rezept-Frontend des Versicherten v2.0, 2021](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/DigitaleGesellschaft/Pruefvorschrift_Produktgutachter_ePA-Frontend.pdf) 52 | 53 | ### ioXt 54 | 55 | 56 | 57 | The mission of the [ioXt Alliance](https://www.ioxtalliance.org/) is to build confidence in Internet of Things products through multi-stakeholder, international, harmonized, and standardized security and privacy requirements, product compliance programs, and public transparency of those requirements and programs. 58 | 59 | In 2021, ioXt has [extended its security principles through the Mobile Application profile](https://www.ioxtalliance.org/news-events-blog/ioxt-alliance-expands-certification-program-for-mobile-and-vpn-security), so that app developers can ensure their products are built with, and maintain, high cybersecurity standards such as the OWASP MASVS and the VPN Trust Initiative. The ioXt Mobile Application profile is a security standard that applies to any cloud connected mobile app and provides the much needed market transparency for consumer and commercial mobile app security. 60 | 61 | - [ioXt Base Profile v2.0](https://static1.squarespace.com/static/5c6dbac1f8135a29c7fbb621/t/6078677c7d7b84799f1eaa5b/1618503553847/ioXt_Base_Profile.pdf) 62 | 63 | ## Governmental Institutions 64 | 65 | | Name | Document | Year | 66 | | -------------- | -------------------- | -- | 67 | | European Payments Council | [Payment Threats and Fraud Trends Report](https://www.europeanpaymentscouncil.eu/sites/default/files/kb/file/2021-12/EPC193-21%20v1.0%202021%20Payments%20Threats%20and%20Fraud%20Trends%20Report.pdf) | 2021 | 68 | | European Payments Council | [Mobile Initiated SEPA Credit Transfer Interoperability Implementation Guidelines, including SCT Instant (MSCT IIGs)](https://www.europeanpaymentscouncil.eu/document-library/guidance-documents/mobile-initiated-sepa-instant-credit-transfer-interoperability) | 2019 | 69 | | ENISA (European Union Agency for Cybersecurity) | [Good Practices for Security of SMART CARS](https://www.enisa.europa.eu/publications/smart-cars) | 2019 | 70 | | Government of India, Ministry of Electronics & Information Technology | [Adoption of Mobile AppSec Verification Standard (MASVS) Version 1.0 of OWASP](http://egovstandards.gov.in/notified-standards-1) | 2019 | 71 | | Finish Transport and Communication Agency (TRAFICOM) | [Assessment guideline for electronic identification services (Draft)](https://www.traficom.fi/sites/default/files/media/file/DRAFT%20Traficom%20guideline%20211%202019%20conformity%20assessment%20of%20eID%20service.pdf) | 2019 | 72 | | Gobierno de España INCIBE | [Ciberseguridad en Smart Toys](https://www.incibe.es/sites/default/files/contenidos/guias/doc/guia_smarttoys_final.pdf) | 2019 | 73 | 74 | ## Educational Institutions 75 | 76 | | Name | Document | Year | 77 | | -------------- | -------------------- | -- | 78 | | Leibniz Fachhochschule Hannover, Germany | [Sicherheitsüberprüfung von mobilen iOS Apps nach OWASP (German)](https://leibniz-fh.de/content/uploads/2022/09/27_Arbeitspapier_OWASP.pdf) | 2022 | 79 | | University of Florida, Florida Institute for Cybersecurity Research, United States | ["SO{U}RCERER : Developer-Driven Security Testing Framework for Android Apps"](https://arxiv.org/pdf/2111.01631.pdf) | 2021 | 80 | | University of Adelaide, Australia and Queen Mary University of London, United Kingdom | [An Empirical Assessment of Global COVID-19 Contact Tracing Applications](https://arxiv.org/pdf/2006.10933.pdf) | 2021 | 81 | | School of Information Technology, Mapúa University, Philippines | [A Vulnerability Assessment on the Parental Control Mobile Applications Security: Status based on the OWASP Security Requirements](http://www.ieomsociety.org/singapore2021/papers/1104.pdf) | 2021 | 82 | 83 | ## Application in Scientific Research 84 | 85 | - [STAMBA: Security Testing for Android Mobile Banking Apps](https://link.springer.com/chapter/10.1007/978-3-319-28658-7_57 "Advances in Signal Processing and Intelligent Recognition Systems pp 671-683") 86 | 87 | ## Books 88 | 89 | - [Hands-On Security in DevOps](https://books.google.co.uk/books?id=bO1mDwAAQBAJ&pg=PA40&lpg=PA40&dq=owasp+mobile+security+testing+guide&source=bl&ots=pHhAasVgeC&sig=ACfU3U0yodcqH0O8Sjx3ADTN2m1tbHeCsg&hl=nl&sa=X&ved=2ahUKEwio2umM8tbiAhXgVBUIHehnAEU4UBDoATAIegQICRAB#v=onepage&q=owasp%20mobile%20security%20testing%20guide&f=false "Hands-On Security in DevOps in Google books") 90 | -------------------------------------------------------------------------------- /Document/0x02c-Acknowledgements.md: -------------------------------------------------------------------------------- 1 | # Acknowledgments 2 | 3 | ## 🥇 MAS Advocates 4 | 5 | MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. 6 | 7 | > 🥇 Being an "MAS Advocate" is the highest status that companies can achieve in the project acknowledging that they've gone above and beyond to support the project. 8 | 9 | We will validate this status according to these categories: 10 | 11 | 1. **Showing Adoption**: it should be clear just from looking at the official company page that they have adopted the OWASP MASVS and MASTG. For example: 12 | - Services / Products 13 | - Resources (e.g. blog posts, press releases, public pentest reports) 14 | - Trainings 15 | - etc. 16 | 2. **Providing consistent high-impact contributions**: by continuously supporting with time/dedicated resources with clear/high impact for the OWASP MAS project. 17 | - Content Pull Requests (e.g. adding/upgrading existing tests, tooling, maintaining code samples, etc.) 18 | - Technical PR reviews 19 | - Improving automation (GitHub Actions) 20 | - Upgrading, extending or creating new Crackmes 21 | - Moderating GitHub Discussions 22 | - Providing high-value feedback to the project and for special events such as the MASVS/MASTG refactoring. 23 | - etc. 24 | 3. **Spreading the word** and promoting the project with many presentations each year, public trainings, high social media involvement (e.g. liking, re-sharing, doing own posting specifically to promote the project). 25 | 26 | _NOTE: You don't need to fulfill each and every bullet point (they are examples). However, you must be able to clearly show the continuity of your contributions and high impact for the project. For example, to fulfill "2." you could demonstrate that you've been sending high-impact Pull Request in the initial 6 months period and intend to continue to do so._ 27 | 28 | ### 🎁 Benefits 29 | 30 | - Company logo displayed in our main READMEs and main OWASP project site. 31 | - Linked blog posts in the MASTG will include the company name. 32 | - Special acknowledgement on each MASTG release containing the contributed PRs. 33 | - Re-shares from the OWASP MAS accounts on new publications (e.g. retweets). 34 | - Initial public "Thank You" and yearly after successful renewal. 35 | 36 | ### 📝 How to Apply 37 | 38 | If you'd like to apply please contact the project leaders by sending an email to [Sven Schleier](mailto:sven.schleier@owasp.org) and [Carlos Holguera](mailto:carlos.holguera@owasp.org) who will validate your application. Please be sure to include sufficient evidence (usually in the form of a _contribution report_ including URLs linking to the corresponding elements) showing what you've done in the 6 months period that goes inline with the three categories described above. 39 | 40 | ### ❗ Important Disclaimers 41 | 42 | - If the "MAS Advocate" status is granted and you'd like to maintain it, the aforementioned contributions must remain consistent after the initial period as well. You should keep collecting this evidence and send us a _contribution report_ yearly. 43 | - [Financial donations](https://mas.owasp.org/donate/) are not part of the eligibility criteria but will be listed for completion. 44 | - Re-shared publications and blog posts linked in MASTG text must be **educational** and focus on mobile security or MASVS/MASTG and **not endorse company products/services**. 45 | - Advocate Companies may use the logo and links to MASVS/MASTG resources as part of their communication but cannot use them as an endorsement by OWASP as a preferred provider of software and services. 46 | - Example of what's ok: list MAS Advocate status on website home page, in "about company" slides in sales presentations, on sales collateral. 47 | - Example of what's not ok: a MAS Advocate cannot claim they are OWASP certified. 48 | - The quality of the application of the MASVS/MASTG by these companies [has not been vetted by the MAS team](https://mas.owasp.org/MASVS/Intro/0x04-Assessment_and_Certification/#owasps-stance-on-masvs-certifications-and-trust-marks). 49 | 50 | > The OWASP Foundation is very grateful for the support by the individuals and organizations listed. However please note, the OWASP Foundation is strictly vendor neutral and does not endorse any of its supporters. MAS Advocates do not influence the content of the MASVS or MASTG in any way. 51 | 52 | ## Our MAS Advocates 53 | 54 | 55 | 56 | [NowSecure](https://www.nowsecure.com) has provided consistent high-impact contributions to the project and has successfully helped spread the word. 57 | 58 | **We'd like to thank NowSecure for its exemplary contribution which sets a blueprint for other potential contributors wanting to push the project forward.** 59 | 60 | ### NowSecure as a MASVS/MASTG Adopter 61 | 62 | - Services / Products: 63 | - [NowSecure Debuts New OWASP MASVS Mobile Pen Tests](https://www.nowsecure.com/blog/2022/03/22/nowsecure-debuts-new-owasp-masvs-mobile-pen-tests/) 64 | - [NowSecure Platform for Automated Mobile Security Testing](https://www.nowsecure.com/products/nowsecure-platform/) 65 | - Resources: 66 | - [The Essential Guide to the OWASP Mobile Security Project](https://discover.nowsecure.com/c/manager-guide-owasp?x=LIaYZt&xs=90367) 67 | - Trainings: 68 | - [Standards and Risk Assessment](https://academy.nowsecure.com/standards-and-risk-assessment) 69 | - [OWASP MASVS & MASTG Updates](https://academy.nowsecure.com/owasp-masvs-mstg-updates) 70 | - [Intro to Mobile App Security](https://academy.nowsecure.com/intro-to-mobile-app-security) 71 | 72 | ### NowSecure's Contributions to the MAS Project 73 | 74 | **High-impact Contributions (time/dedicated resources):** 75 | 76 | - [Content PRs](https://github.com/OWASP/owasp-mastg/pulls?q=is%3Apr+%22%28by+%40NowSecure%29%22) 77 | - Technical Reviews for PRs 78 | - Participation in GitHub Discussions 79 | 80 | A special mention goes for the **contribution to the MASVS Refactoring**: 81 | 82 | - Significant time investment to drive the discussions and create the proposals along with the community 83 | - Testability Analysis 84 | - Feedback on each category proposal 85 | - Statistics from internal analysis 86 | 87 | In the past, NowSecure has also contributed to the project, has sponsored it becoming a "God Mode Sponsor" and has donated the [UnCrackable App for Android Level 4: Radare2 Pay](0x08b-Reference-Apps.md#android-uncrackable-l4). 88 | 89 | **Spreading the Word:** 90 | 91 | - **Social media involvement**: continuous Twitter and LinkedIn activity (see [examples](https://twitter.com/search?q=(MASVS%20OR%20MSTG)%20(from%3ANowSecureMobile)&src=typed_query)) 92 | - **Blog Posts**: 93 | - [Integrate security into the mobile app software development lifecycle](https://www.scmagazine.com/perspective/devops/integrate-security-into-the-mobile-app-software-development-lifecycle) 94 | - [OWASP Mobile Security Testing Checklist Aids Compliance](https://www.nowsecure.com/blog/2022/02/23/owasp-mobile-security-testing-checklist-aids-compliance/) 95 | - **Presentations**: 96 | - "Mobile Wanderlust"! Our journey to Version 2.0! (OWASP AppSec EU, Jun 10 2022) 97 | - Insiders Guide to Mobile AppSec with Latest OWASP MASVS (OWASP Toronto Chapter, Feb 10 2022) 98 | - [Insiders Guide to Mobile AppSec with Latest OWASP MASVS (OWASP Virtual AppSec 2021, Nov 11 2021)](https://www.youtube.com/watch?v=TcYtpUIIMYw) 99 | - [Insiders Guide to Mobile AppSec with OWASP MASVS (OWASP Northern Virginia Chapter, Oct 8 2021)](https://www.youtube.com/watch?v=fuLo64WH3SU) 100 | - and more 101 | 102 | ## Contributors 103 | 104 | **Note**: This contributor table is generated based on our [GitHub contribution statistics](https://github.com/OWASP/owasp-mastg/graphs/contributors "GitHub contribution statistics"). For more information on these stats, see the [GitHub Repository README](https://github.com/OWASP/owasp-mastg/blob/master/README.md "GitHub Repository README"). We manually update the table, so be patient if you're not listed immediately. 105 | 106 | ### Top Contributors 107 | 108 | Top contributors have consistently contributed quality content and have at least 500 additions logged in the GitHub repository. 109 | 110 | - Pawel Rzepa 111 | - Francesco Stillavato 112 | - Henry Hoggard 113 | - Andreas Happe 114 | - Kyle Benac 115 | - Paulino Calderon 116 | - Alexander Anthuk 117 | - Caleb Kinney 118 | - Abderrahmane Aftahi 119 | - Koki Takeyama 120 | - Wen Bin Kong 121 | - Abdessamad Temmar 122 | - Cláudio André 123 | - Slawomir Kosowski 124 | - Bolot Kerimbaev 125 | - Lukasz Wierzbicki 126 | 127 | ### Contributors 128 | 129 | Contributors have contributed quality content and have at least 50 additions logged in the GitHub repository. Their Github handle is listed below: 130 | 131 | kryptoknight13, DarioI, luander, oguzhantopgul, Osipion, mpishu, pmilosev, isher-ux, thec00n, ssecteam, jay0301, magicansk, jinkunong, nick-epson, caitlinandrews, dharshin, raulsiles, righettod, karolpiateknet, mkaraoz, Sjord, bugwrangler, jasondoyle, joscandreu, yog3shsharma, ryantzj, rylyade1, shivsahni, diamonddocumentation, 51j0, AnnaSzk, hlhodges, legik, abjurato, serek8, mhelwig, locpv-ibl and ThunderSon. 132 | 133 | ### Mini Contributors 134 | 135 | Many other contributors have committed small amounts of content, such as a single word or sentence (less than 50 additions). Their Github handle is listed below: 136 | 137 | jonasw234, zehuanli, jadeboer, Isopach, prabhant, jhscheer, meetinthemiddle-be, bet4it, aslamanver, juan-dambra, OWASP-Seoul, hduarte, TommyJ1994, forced-request, D00gs, vasconcedu, mehradn7, whoot, LucasParsy, DotDotSlashRepo, enovella, ionis111, vishalsodani, chame1eon, allRiceOnMe, crazykid95, Ralireza, Chan9390, tamariz-boop, abhaynayar, camgaertner, EhsanMashhadi, fujiokayu, decidedlygray, Ali-Yazdani, Fi5t, MatthiasGabriel, colman-mbuya and anyashka. 138 | 139 | ### Reviewers 140 | 141 | Reviewers have consistently provided useful feedback through GitHub issues and pull request comments. 142 | 143 | - Jeroen Beckers 144 | - Sjoerd Langkemper 145 | - Anant Shrivastava 146 | 147 | ### Editors 148 | 149 | - Heaven Hodges 150 | - Caitlin Andrews 151 | - Nick Epson 152 | - Anita Diamond 153 | - Anna Szkudlarek 154 | 155 | ### Donators 156 | 157 | While both the MASVS and the MASTG are created and maintained by the community on a voluntary basis, sometimes a little bit of outside help is required. We therefore thank our donators for providing the funds to be able to hire technical editors. Note that their donation does not influence the content of the MASVS or MASTG in any way. The Donation Packages are described on our [OWASP Project page](https://mas.owasp.org/donate/ "OWASP MAS Donation Packages"). 158 | 159 | 160 | -------------------------------------------------------------------------------- /Document/0x03-Overview.md: -------------------------------------------------------------------------------- 1 | # Introduction to the OWASP Mobile Application Security Project 2 | 3 | New technology always introduces new security risks, and mobile computing is no exception. Security concerns for mobile apps differ from traditional desktop software in some important ways. Modern mobile operating systems are arguably more secure than traditional desktop operating systems, but problems can still appear when we don't carefully consider security during mobile app development. Data storage, inter-app communication, proper usage of cryptographic APIs, and secure network communication are only some of these considerations. 4 | 5 | The [OWASP Mobile Application Security _Verification Standard_ (MASVS)](https://mas.owasp.org/MASVS/) defines a mobile app security model and lists generic security requirements for mobile apps. It can be used by architects, developers, testers, security professionals, and consumers to define and understand the qualities of a secure mobile app. The [OWASP Mobile Application Security _Testing Guide_ (MASTG)](https://mas.owasp.org/MASTG/) maps to the same basic set of security requirements offered by the MASVS and depending on the context they can be used individually or combined to achieve different objectives. 6 | 7 | 8 | 9 | For example, the MASVS requirements can be used in an app's planning and architecture design stages while the checklist and testing guide may serve as a baseline for manual security testing or as a template for automated security tests during or after development. In the "[Mobile App Security Testing](0x04b-Mobile-App-Security-Testing.md)" chapter we'll describe how you can apply the checklist and MASTG to a mobile app penetration test. 10 | 11 | ## Key Areas in Mobile Application Security 12 | 13 | Many mobile app penetration testers have a background in network and web app penetration testing, a quality that is valuable for mobile app testing. Almost every mobile app talks to a backend service, and those services are prone to the same types of attacks we are familiar with in web apps on desktop machines. Mobile apps differ in that there is a smaller attack surface and therefore more security against injection and similar attacks. Instead, we must prioritize data protection on the device and the network to increase mobile security. 14 | 15 | Let's discuss the key areas in mobile app security. 16 | 17 | ### Data Storage and Privacy (MASVS-STORAGE) 18 | 19 | The protection of sensitive data, such as user credentials and private information, is crucial to mobile security. If an app uses operating system APIs such as local storage or inter-process communication (IPC) improperly, the app might expose sensitive data to other apps running on the same device. It may also unintentionally leak data to cloud storage, backups, or the keyboard cache. Additionally, mobile devices can be lost or stolen more easily compared to other types of devices, so it's more likely an individual can gain physical access to the device, making it easier to retrieve the data. 20 | 21 | When developing mobile apps, we must take extra care when storing user data. For example, we can use appropriate key storage APIs and take advantage of hardware-backed security features when available. 22 | 23 | Fragmentation is a problem we deal with especially on Android devices. Not every Android device offers hardware-backed secure storage, and many devices are running outdated versions of Android. For an app to be supported on these out-of-date devices, it would have to be created using an older version of Android's API which may lack important security features. For maximum security, the best choice is to create apps with the current API version even though that excludes some users. 24 | 25 | ### Cryptography (MASVS-CRYPTO) 26 | 27 | Cryptography is an essential ingredient when it comes to protecting data stored on a mobile device. It is also an area where things can go horribly wrong, especially when standard conventions are not followed. It is essential to ensure that the application uses cryptography according to industry best practices, including the use of proven cryptographic libraries, a proper choice and configuration of cryptographic primitives as well as a suitable random number generator wherever randomness is required. 28 | 29 | ### Authentication and Authorization (MASVS-AUTH) 30 | 31 | In most cases, sending users to log in to a remote service is an integral part of the overall mobile app architecture. Even though most of the authentication and authorization logic happens at the endpoint, there are also some implementation challenges on the mobile app side. Unlike web apps, mobile apps often store long-time session tokens that are unlocked with user-to-device authentication features such as fingerprint scanning. While this allows for a quicker login and better user experience (nobody likes to enter complex passwords), it also introduces additional complexity and room for error. 32 | 33 | Mobile app architectures also increasingly incorporate authorization frameworks (such as OAuth2) that delegate authentication to a separate service or outsource the authentication process to an authentication provider. Using OAuth2 allows the client-side authentication logic to be outsourced to other apps on the same device (e.g. the system browser). Security testers must know the advantages and disadvantages of different possible authorization frameworks and architectures. 34 | 35 | ### Network Communication (MASVS-NETWORK) 36 | 37 | Mobile devices regularly connect to a variety of networks, including public Wi-Fi networks shared with other (potentially malicious) clients. This creates opportunities for a wide variety of network-based attacks ranging from simple to complicated and old to new. It's crucial to maintain the confidentiality and integrity of information exchanged between the mobile app and remote service endpoints. As a basic requirement, mobile apps must set up a secure, encrypted channel for network communication using the TLS protocol with appropriate settings. 38 | 39 | ### Interaction with the Mobile Platform (MASVS-PLATFORM) 40 | 41 | Mobile operating system architectures differ from classical desktop architectures in important ways. For example, all mobile operating systems implement app permission systems that regulate access to specific APIs. They also offer more (Android) or less rich (iOS) inter-process communication (IPC) facilities that enable apps to exchange signals and data. These platform-specific features come with their own set of pitfalls. For example, if IPC APIs are misused, sensitive data or functionality might be unintentionally exposed to other apps running on the device. 42 | 43 | ### Code Quality and Exploit Mitigation (MASVS-CODE) 44 | 45 | Traditional injection and memory management issues aren't often seen in mobile apps due to the smaller attack surface. Mobile apps mostly interact with the trusted backend service and the UI, so even if many buffer overflow vulnerabilities exist in the app, those vulnerabilities usually don't open up any useful attack vectors. The same applies to browser exploits such as cross-site scripting (XSS allows attackers to inject scripts into web pages) that are very prevalent in web apps. However, there are always exceptions. XSS is theoretically possible on mobile in some cases, but it's very rare to see XSS issues that an individual can exploit. 46 | 47 | This protection from injection and memory management issues doesn't mean that app developers can get away with writing sloppy code. Following security best practices results in hardened (secure) release builds that are resilient against tampering. Free security features offered by compilers and mobile SDKs help increase security and mitigate attacks. 48 | 49 | ### Anti-Tampering and Anti-Reversing (MASVS-RESILIENCE) 50 | 51 | There are three things you should never bring up in polite conversations: religion, politics, and code obfuscation. Many security experts dismiss client-side protections outright. However, software protection controls are widely used in the mobile app world, so security testers need ways to deal with these protections. We believe there's a benefit to client-side protections if they are employed with a clear purpose and realistic expectations in mind and aren't used to replace security controls. 52 | 53 | ## Navigating the OWASP MASTG 54 | 55 | The MASTG contains descriptions of all requirements specified in the MASVS. The MASTG contains the following main sections: 56 | 57 | 1. The [General Testing Guide](0x04a-Mobile-App-Taxonomy.md) contains a mobile app security testing methodology and general vulnerability analysis techniques as they apply to mobile app security. It also contains additional technical test cases that are OS-independent, such as authentication and session management, network communications, and cryptography. 58 | 59 | 2. The [Android Testing Guide](0x05a-Platform-Overview.md) covers mobile security testing for the Android platform, including security basics, security test cases, reverse engineering techniques and prevention, and tampering techniques and prevention. 60 | 61 | 3. The [iOS Testing Guide](0x06a-Platform-Overview.md) covers mobile security testing for the iOS platform, including an overview of the iOS OS, security testing, reverse engineering techniques and prevention, and tampering techniques and prevention. 62 | -------------------------------------------------------------------------------- /Document/0x04a-Mobile-App-Taxonomy.md: -------------------------------------------------------------------------------- 1 | # Mobile Application Taxonomy 2 | 3 | The term "mobile application" or "mobile app" refers to a self-contained computer program designed to execute on a mobile device. Today, the Android and iOS operating systems cumulatively comprise [more than 99% of the mobile OS market share](https://www.idc.com/promo/smartphone-market-share/os). Additionally, mobile Internet usage has surpassed desktop usage for the first time in history, making mobile browsing and apps the [most widespread kind of Internet-capable apps](https://www.idc.com/promo/smartphone-market-share/os). 4 | 5 | > In this guide, we'll use the term "app" as a general term for referring to any kind of application running on popular mobile OSes. 6 | 7 | In a basic sense, apps are designed to run either directly on the platform for which they’re designed, on top of a smart device’s mobile browser, or using a mix of the two. Throughout the following chapter, we will define characteristics that qualify an app for its respective place in mobile app taxonomy as well as discuss differences for each variation. 8 | 9 | ## Native App 10 | 11 | Mobile operating systems, including Android and iOS, come with a Software Development Kit (SDK) for developing apps specific to the OS. Such apps are referred to as _native_ to the system for which they have been developed. When discussing an app, the general assumption is that it is a native app implemented in a standard programming language for the respective operating system - Objective-C or Swift for iOS, and Java or Kotlin for Android. 12 | 13 | Native apps inherently have the capability to provide the fastest performance with the highest degree of reliability. They usually adhere to platform-specific design principles (e.g. the [Android Design Principles](https://developer.android.com/design "Android Design Principles")), which tends to result in a more consistent user interface (UI) compared to _hybrid_ or _web_ apps. Due to their close integration with the operating system, native apps can directly access almost every component of the device (camera, sensors, hardware-backed key stores, etc.). 14 | 15 | Some ambiguity exists when discussing _native apps_ for Android as the platform provides two development kits - the Android SDK and the Android NDK. The SDK, which is based on the Java and Kotlin programming language, is the default for developing apps. The NDK (or Native Development Kit) is a C/C++ development kit used for developing binary libraries that can directly access lower level APIs (such as OpenGL). These libraries can be included in regular apps built with the SDK. Therefore, we say that Android _native apps_ (i.e. built with the SDK) may have _native_ code built with the NDK. 16 | 17 | The most obvious downside of _native apps_ is that they target only one specific platform. To build the same app for both Android and iOS, one needs to maintain two independent code bases, or introduce often complex development tools to port a single code base to two platforms. The following frameworks are an example of the latter and allow you to compile a single codebase for both Android and iOS. 18 | 19 | - [Xamarin](https://dotnet.microsoft.com/apps/xamarin "Xamarin") 20 | - [Google Flutter](https://flutter.dev/ "Google Flutter") 21 | - [React Native](https://reactnative.dev/ "React Native") 22 | 23 | Apps developed using these frameworks internally use the APIs native to the system and offer performance equivalent to native apps. Also, these apps can make use of all device capabilities, including the GPS, accelerometer, camera, the notification system, etc. Since the final output is very similar to previously discussed _native apps_, apps developed using these frameworks can also be considered as _native apps_. 24 | 25 | ## Web App 26 | 27 | Mobile web apps (or simply, _web apps_) are websites designed to look and feel like a _native app_. These apps run on top of a device’s browser and are usually developed in HTML5, much like a modern web page. Launcher icons may be created to parallel the same feel of accessing a _native app_; however, these icons are essentially the same as a browser bookmark, simply opening the default web browser to load the referenced web page. 28 | 29 | Web apps have limited integration with the general components of the device as they run within the confines of a browser (i.e. they are "sandboxed") and usually lack in performance compared to native apps. Since a web app typically targets multiple platforms, their UIs do not follow some of the design principles of a specific platform. The biggest advantage is reduced development and maintenance costs associated with a single code base as well as enabling developers to distribute updates without engaging the platform-specific app stores. For example, a change to the HTML file for a web app can serve as viable, cross-platform update whereas an update to a store-based app requires considerably more effort. 30 | 31 | ## Hybrid App 32 | 33 | Hybrid apps attempt to fill the gap between _native_ and _web apps_. A _hybrid app_ executes like a _native app_, but a majority of the processes rely on web technologies, meaning a portion of the app runs in an embedded web browser (commonly called "WebView"). As such, hybrid apps inherit both pros and cons of _native_ and _web apps_. 34 | 35 | A web-to-native abstraction layer enables access to device capabilities for _hybrid apps_ not accessible to a pure _web app_. Depending on the framework used for development, one code base can result in multiple apps that target different platforms, with a UI closely resembling that of the original platform for which the app was developed. 36 | 37 | Following is a non-exhaustive list of more popular frameworks for developing _hybrid apps_: 38 | 39 | - [Apache Cordova](https://cordova.apache.org/ "Apache Cordova") 40 | - [Framework 7](https://framework7.io/ "Framework 7") 41 | - [Ionic](https://ionicframework.com/ "Ionic") 42 | - [jQuery Mobile](https://jquerymobile.com/ "jQuery Mobile") 43 | - [Native Script](https://www.nativescript.org/ "Native Script") 44 | - [Onsen UI](https://onsen.io/ "Onsen UI") 45 | - [Sencha Touch](https://www.sencha.com/products/touch/ "Sencha Touch") 46 | 47 | ## Progressive Web App 48 | 49 | Progressive Web Apps (PWA) load like regular web pages, but differ from usual web apps in several ways. For example it's possible to work offline and access to mobile device hardware is possible, that traditionally is only available to native mobile apps. 50 | 51 | PWAs combine different open standards of the web offered by modern browsers to provide benefits of a rich mobile experience. A Web App Manifest, which is a simple JSON file, can be used to configure the behavior of the app after "installation". 52 | 53 | PWAs are supported by Android and iOS, but not all hardware features are yet available. For example Push Notifications, Face ID on iPhone X or ARKit for augmented reality is not available yet on iOS. An overview of PWA and supported features on each platform can be found in a [Medium article from Maximiliano Firtman](https://medium.com/@firt/progressive-web-apps-on-ios-are-here-d00430dee3a7 "Progressive Web Apps on iOS are here"). 54 | 55 | ## What's Covered in the Mobile Testing Guide 56 | 57 | Throughout this guide, we will focus on apps for Android and iOS running on smartphones. These platforms are currently dominating the market and also run on other device classes including tablets, smartwatches, smart TVs, automotive infotainment units, and other embedded systems. Even if these additional device classes are out of scope, you can still apply most of the knowledge and testing techniques described in this guide with some deviance depending on the target device. 58 | 59 | Given the vast amount of mobile app frameworks available it would be impossible to cover all of them exhaustively. Therefore, we focus on _native_ apps on each operating system. However, the same techniques are also useful when dealing with web or hybrid apps (ultimately, no matter the framework, every app is based on native components). 60 | -------------------------------------------------------------------------------- /Document/0x04i-Testing-User-Privacy-Protection.md: -------------------------------------------------------------------------------- 1 | # Mobile App User Privacy Protection 2 | 3 | **IMPORTANT DISCLAIMER:** The MASTG is not a legal handbook. Therefore, we will not deep dive into the GDPR or other possibly relevant legislation here. This chapter is meant to introduce you to the topics and provide you with essential references that you can use to continue researching by yourself. We'll also do our best effort to provide you with tests or guidelines for testing the privacy-related requirements listed in the OWASP MASVS. 4 | 5 | ## Overview 6 | 7 | ### The Main Problem 8 | 9 | Mobile apps handle all kinds of sensitive user data, from identification and banking information to health data. There is an understandable concern about how this data is handled and where it ends up. We can also talk about "benefits users get from using the apps" vs "the real price that they are paying for it" (usually and unfortunately without even being aware of it). 10 | 11 | ### The Solution (pre-2020) 12 | 13 | To ensure that users are properly protected, legislation such as the [General Data Protection Regulation (GDPR)](https://gdpr-info.eu/ "GDPR") in Europe has been developed and deployed (applicable since May 25, 2018), forcing developers to be more transparent regarding the handling of sensitive user data. This has been mainly implemented using privacy policies. 14 | 15 | ### The Challenge 16 | 17 | There are two main dimensions to consider here: 18 | 19 | - **Developer Compliance**: Developers need to comply with legal privacy principles since they are enforced by law. Developers need to better comprehend the legal principles in order to know what exactly they need to implement to remain compliant. Ideally, at least, the following must be fulfilled: 20 | - **Privacy-by-Design** approach (Art. 25 GDPR, "Data protection by design and by default"). 21 | - **Principle of Least Privilege** ("Every program and every user of the system should operate using the least set of privileges necessary to complete the job.") 22 | - **User Education**: Users need to be educated about their sensitive data and informed about how to use the application properly (to ensure secure handling and processing of their information). 23 | 24 | > Note: More often than not apps will claim to handle certain data, but in reality that's not the case. The IEEE article ["Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers" by Majid Hatamian](https://drive.google.com/file/d/1cp7zrqJuVkftJ0DARNN40Ga_m_tEhIrQ/view?usp=sharing) gives a very nice introduction to this topic. 25 | 26 | ### Protection Goals for Data Protection 27 | 28 | When an app needs personal information from a user for its business process, the user needs to be informed on what happens with the data and why the app needs it. If there is a third party doing the actual processing of the data, the app should inform the user about that too. 29 | 30 | Surely you're already familiar with the classic triad of security protection goals: confidentiality, integrity, and availability. However, you might not be aware of the three protection goals that have been proposed to focus on data protection: 31 | 32 | - **Unlinkability**: 33 | - Users' privacy-relevant data must be unlinkable to any other set of privacy-relevant data outside of the domain. 34 | - Includes: data minimization, anonymization, pseudonymization, etc. 35 | - **Transparency**: 36 | - Users should be able to request all information that the application has on them, and receive instructions on how to request this information. 37 | - Includes: privacy policies, user education, proper logging and auditing mechanisms, etc. 38 | - **Intervenability**: 39 | - Users should be able to correct their personal information, request its deletion, withdraw any given consent at any time, and receive instructions on how to do so. 40 | - Includes: privacy settings directly in the app, single points of contact for individuals’ intervention requests (e.g. in-app chat, telephone number, e-mail), etc. 41 | 42 | > See Section 5.1.1 "Introduction to data protection goals" in ENISA's ["Privacy and data protection in mobile applications"](https://www.enisa.europa.eu/publications/privacy-and-data-protection-in-mobile-applications "ENISA - Privacy and data protection in mobile applications") for more detailed descriptions. 43 | 44 | Addressing both security and privacy protection goals at the same time is a very challenging task (if not impossible in many cases). There is an interesting visualization in IEEE's publication [Protection Goals for Privacy Engineering](https://ieeexplore.ieee.org/document/7163220) called ["The Three Axes"](https://ieeexplore.ieee.org/document/7163220#sec2e) representing the impossibility to ensure 100% of each of the six goals simultaneously. 45 | 46 | Most parts of the processes derived from the protection goals are traditionally covered in a privacy policy. However, this approach is not always optimal: 47 | 48 | - developers are not legal experts but still need to be compliant. 49 | - users would be required to read usually long and wordy policies. 50 | 51 | ### The New Approach (Google's and Apple's take on this) 52 | 53 | In order to address these challenges and help users easily understand how their data is being collected, handled, and shared, Google and Apple introduced new privacy labeling systems (very much along the lines of NIST's proposal for [Consumer Software Cybersecurity Labeling](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.02042022-1.pdf): 54 | 55 | - the App Store [Nutrition Labels](https://www.apple.com/privacy/labels/) (since 2020). 56 | - the Google Play [Data Safety Section](https://developer.android.com/guide/topics/data/collect-share) (since 2021). 57 | 58 | As a new requirement on both platforms, it's vital that these labels are accurate in order to provide user assurance and mitigate abuse. 59 | 60 | ### Google ADA MASA program 61 | 62 | Performing regular security testing can help developers identify key vulnerabilities in their apps. Google Play will allow developers who have completed independent security validation to showcase this on their Data safety section. This helps users feel more confident about an app's commitment to security and privacy. 63 | 64 | In order to provide more transparency into the app's security architecture, Google has introduced the [MASA (Mobile Application Security Assessment)](https://appdefensealliance.dev/masa) program as part of the [App Defense Alliance (ADA)](https://appdefensealliance.dev/). With MASA, Google has acknowledged the importance of leveraging a globally recognized standard for mobile app security to the mobile app ecosystem. Developers can work directly with an Authorized Lab partner to initiate a security assessment. Google will recognize developers who have had their applications independently validated against a set of MASVS Level 1 requirements and will showcase this on their Data safety section. 65 | 66 | 67 | 68 | > If you are a developer and would like to participate, you should complete this [form](https://docs.google.com/forms/d/e/1FAIpQLSdBl_eCNcUeUVDiB2duiJLZ5s4AV5AhDVuOz_1u8S9qhcXF5g/viewform). 69 | 70 | Note that the limited nature of testing does not guarantee complete safety of the application. This independent review may not be scoped to verify the accuracy and completeness of a developer's Data safety declarations. Developers remain solely responsible for making complete and accurate declarations in their app's Play store listing. 71 | 72 | ### How this Relates to Testing Other MASVS Categories 73 | 74 | The following is a list of [common privacy violations](https://support.google.com/googleplay/android-developer/answer/10144311?hl=en-GB#1&2&3&4&5&6&7&87&9&zippy=%2Cexamples-of-common-violations) that you as a security tester should report (although not an exhaustive list): 75 | 76 | - Example 1: An app that accesses a user's inventory of installed apps and doesn't treat this data as personal or sensitive data by sending it over the network (violating MSTG-STORAGE-4) or to another app via IPC mechanisms (violating MSTG-STORAGE-6). 77 | - Example 2: An app displays sensitive data such as credit card details or user passwords without user authorization e.g. biometrics (violating MSTG-AUTH-10). 78 | - Example 3: An app that accesses a user's phone or contact book data and doesn't treat this data as personal or sensitive data, additionally sending it over an unsecured network connection (violating MSTG-NETWORK-1). 79 | - Example 4: An app collects device location (which is apparently not required for its proper functioning) and does not have a prominent disclosure explaining which feature uses this data (violating MSTG-PLATFORM-1). 80 | 81 | > You can find more common violations in [Google Play Console Help (Policy Centre -> Privacy, deception and device abuse -> User data)](https://support.google.com/googleplay/android-developer/answer/10144311?hl=en-GB#1&2&3&4&5&6&7&87&9&zippy=%2Cexamples-of-common-violations). 82 | 83 | As you can see this is deeply related to other testing categories. When you're testing them you're often indirectly testing for User Privacy Protection. Keep this in mind since it will help you provide better and more comprehensive reports. Often you'll also be able to reuse evidence from other tests in order to test for User Privacy Protection (see an example of this in ["Testing User Education"](#testing-user-education-mstg-storage-12)). 84 | 85 | ### Learn More 86 | 87 | You can learn more about this and other privacy related topics here: 88 | 89 | - [iOS App Privacy Policy](https://developer.apple.com/documentation/healthkit/protecting_user_privacy#3705073) 90 | - [iOS Privacy Details Section on the App Store](https://developer.apple.com/app-store/app-privacy-details/) 91 | - [iOS Privacy Best Practices](https://developer.apple.com/documentation/uikit/protecting_the_user_s_privacy) 92 | - [Android App Privacy Policy](https://support.google.com/googleplay/android-developer/answer/9859455#privacy_policy) 93 | - [Android Data Safety Section on Google Play](https://support.google.com/googleplay/android-developer/answer/10787469) 94 | - [Preparing your app for the new Data safety section in Google Play](https://www.youtube.com/watch?v=J7TM0Yy0aTQ) 95 | - [Android Privacy Best Practices](https://developer.android.com/privacy/best-practices) 96 | 97 | ## Testing User Education (MSTG-STORAGE-12) 98 | 99 | ### Testing User Education on Data Privacy on the App Marketplace 100 | 101 | At this point, we're only interested in knowing which privacy-related information is being disclosed by the developers and trying to evaluate if it seems reasonable (similarly as you'd do when testing for permissions). 102 | 103 | > It's possible that the developers are not declaring certain information that is indeed being collected and\/or shared, but that's a topic for a different test extending this one here. As part of this test, you are not supposed to provide privacy violation assurance. 104 | 105 | ### Static Analysis 106 | 107 | You can follow these steps: 108 | 109 | 1. Search for the app in the corresponding app marketplace (e.g. Google Play, App Store). 110 | 2. Go to the section ["Privacy Details"](https://developer.apple.com/app-store/app-privacy-details/) (App Store) or ["Safety Section"](https://developer.android.com/guide/topics/data/collect-share) (Google Play). 111 | 3. Verify if there's any information available at all. 112 | 113 | The test passes if the developer has complied with the app marketplace guidelines and included the required labels and explanations. Store and provide the information you got from the app marketplace as evidence, so that you can later use it to evaluate potential violations of privacy or data protection. 114 | 115 | ### Dynamic analysis 116 | 117 | As an optional step, you can also provide some kind of evidence as part of this test. For instance, if you're testing an iOS app you can easily enable app activity recording and export a [Privacy Report](https://developer.apple.com/documentation/network/privacy_management/inspecting_app_activity_data) containing detailed app access to different resources such as photos, contacts, camera, microphone, network connections, etc. 118 | 119 | Doing this has actually many advantages for testing other MASVS categories. It provides very useful information that you can use to [test network communication](0x06g-Testing-Network-Communication.md) in MASVS-NETWORK or when [testing app permissions](0x06h-Testing-Platform-Interaction.md#testing-app-permissions-mstg-platform-1) in MASVS-PLATFORM. While testing these other categories you might have taken similar measurements using other testing tools. You can also provide this as evidence for this test. 120 | 121 | > Ideally, the information available should be compared against what the app is actually meant to do. However, that's far from a trivial task that could take from several days to weeks to complete depending on your resources and support from automated tooling. It also heavily depends on the app functionality and context and should be ideally performed on a white box setup working very closely with the app developers. 122 | 123 | ### Testing User Education on Security Best Practices 124 | 125 | Testing this might be especially challenging if you intend to automate it. We recommend using the app extensively and try to answer the following questions whenever applicable: 126 | 127 | - **Fingerprint usage**: when fingerprints are used for authentication providing access to high-risk transactions/information, 128 | 129 | _does the app inform the user about potential issues when having multiple fingerprints of other people registered to the device as well?_ 130 | 131 | - **Rooting/Jailbreaking**: when root or jailbreak detection is implemented, 132 | 133 | _does the app inform the user of the fact that certain high-risk actions will carry additional risk due to the jailbroken/rooted status of the device?_ 134 | 135 | - **Specific credentials**: when a user gets a recovery code, a password or a pin from the application (or sets one), 136 | 137 | _does the app instruct the user to never share this with anyone else and that only the app will request it?_ 138 | 139 | - **Application distribution**: in case of a high-risk application and in order to prevent users from downloading compromised versions of the application, 140 | 141 | _does the app manufacturer properly communicate the official way of distributing the app (e.g. from Google Play or the App Store)?_ 142 | 143 | - **Prominent Disclosure**: in any case, 144 | 145 | _does the app display prominent disclosure of data access, collection, use, and sharing? e.g. does the app use the [App Tracking Transparency Framework](https://developer.apple.com/documentation/apptrackingtransparency) to ask for the permission on iOS?_ 146 | 147 | ## References 148 | 149 | - Open-Source Licenses and Android - 150 | - Software Licenses in Plain English - 151 | - Apple Human Interface Guidelines - 152 | - Android App permissions best practices - 153 | 154 | ### OWASP MASVS 155 | 156 | - MSTG-STORAGE-12: "The app educates the user about the types of personally identifiable information processed, as well as security best practices the user should follow in using the app." 157 | -------------------------------------------------------------------------------- /Document/0x06a-Platform-Overview.md: -------------------------------------------------------------------------------- 1 | # iOS Platform Overview 2 | 3 | iOS is a mobile operating system that powers Apple mobile devices, including the iPhone, iPad, and iPod Touch. It is also the basis for Apple tvOS, which inherits many functionalities from iOS. This section introduces the iOS platform from an architecture point of view. The following five key areas are discussed: 4 | 5 | 1. iOS security architecture 6 | 2. iOS application structure 7 | 3. Inter-process Communication (IPC) 8 | 4. iOS application publishing 9 | 5. iOS Application Attack Surface 10 | 11 | Like the Apple desktop operating system macOS (formerly OS X), iOS is based on Darwin, an open source Unix operating system developed by Apple. Darwin's kernel is XNU ("X is Not Unix"), a hybrid kernel that combines components of the Mach and FreeBSD kernels. 12 | 13 | However, iOS apps run in a more restricted environment than their desktop counterparts do. iOS apps are isolated from each other at the file system level and are significantly limited in terms of system API access. 14 | 15 | To protect users from malicious applications, Apple restricts and controls access to the apps that are allowed to run on iOS devices. Apple's App Store is the only official application distribution platform. There developers can offer their apps and consumers can buy, download, and install apps. This distribution style differs from Android, which supports several app stores and sideloading (installing an app on your iOS device without using the official App Store). In iOS, sideloading typically refers to the app installation method via USB, although there are other enterprise iOS app distribution methods that do not use the App Store under the [Apple Developer Enterprise Program](https://developer.apple.com/programs/enterprise/ "Apple Developer Enterprise Program"). 16 | 17 | In the past, sideloading was possible only with a jailbreak or complicated workarounds. With iOS 9 or higher, it is possible to [sideload via Xcode](https://www.igeeksblog.com/how-to-sideload-apps-on-iphone-ipad-in-ios-10/ "How to Sideload Apps on iPhone and iPad Running iOS 10 using Xcode 8"). 18 | 19 | iOS apps are isolated from each other via Apple's iOS sandbox (historically called Seatbelt), a mandatory access control (MAC) mechanism describing the resources an app can and can't access. Compared to Android's extensive Binder IPC facilities, iOS offers very few IPC (Inter Process Communication) options, minimizing the potential attack surface. 20 | 21 | Uniform hardware and tight hardware/software integration create another security advantage. Every iOS device offers security features, such as secure boot, hardware-backed Keychain, and file system encryption (referred as data protection in iOS). iOS updates are usually quickly rolled out to a large percentage of users, decreasing the need to support older, unprotected iOS versions. 22 | 23 | In spite of the numerous strengths of iOS, iOS app developers still need to worry about security. Data protection, Keychain, Touch ID/Face ID authentication, and network security still leave a large margin for errors. In the following chapters, we describe iOS security architecture, explain a basic security testing methodology, and provide reverse engineering how-tos. 24 | 25 | ## iOS Security Architecture 26 | 27 | The [iOS security architecture](https://www.apple.com/business/docs/iOS_Security_Guide.pdf "Apple iOS Security Guide"), officially documented by Apple in the iOS Security Guide, consists of six core features. This security guide is updated by Apple for each major iOS version: 28 | 29 | - Hardware Security 30 | - Secure Boot 31 | - Code Signing 32 | - Sandbox 33 | - Encryption and Data Protection 34 | - General Exploit Mitigations 35 | 36 | 37 | 38 | ### Hardware Security 39 | 40 | The iOS security architecture makes good use of hardware-based security features that enhance overall performance. Each iOS device comes with two built-in Advanced Encryption Standard (AES) 256-bit keys. The device’s unique IDs (UIDs) and a device group IDs (GIDs) are AES 256-bit keys fused (UID) or compiled (GID) into the Application Processor (AP) and Secure Enclave Processor (SEP) during manufacturing. There's no direct way to read these keys with software or debugging interfaces such as JTAG. Encryption and decryption operations are performed by hardware AES crypto-engines that have exclusive access to these keys. 41 | 42 | The GID is a value shared by all processors in a class of devices used to prevent tampering with firmware files and other cryptographic tasks not directly related to the user's private data. UIDs, which are unique to each device, are used to protect the key hierarchy that's used for device-level file system encryption. Because UIDs aren't recorded during manufacturing, not even Apple can restore the file encryption keys for a particular device. 43 | 44 | To allow secure deletion of sensitive data on flash memory, iOS devices include a feature called [Effaceable Storage](https://www.apple.com/business/docs/iOS_Security_Guide.pdf "iOS Security Guide"). This feature provides direct low-level access to the storage technology, making it possible to securely erase selected blocks. 45 | 46 | ### Secure Boot 47 | 48 | When an iOS device is powered on, it reads the initial instructions from the read-only memory known as Boot ROM, which bootstraps the system. The Boot ROM contains immutable code and the Apple Root CA, which is etched into the silicon chip during the fabrication process, thereby creating the root of trust. Next, the Boot ROM makes sure that the LLB's (Low Level Bootloader) signature is correct, and the LLB checks that the iBoot bootloader's signature is correct too. After the signature is validated, the iBoot checks the signature of the next boot stage, which is the iOS kernel. If any of these steps fail, the boot process will terminate immediately and the device will enter recovery mode and display the [restore screen](https://support.apple.com/en-us/HT203122 "If you see the Restore screen on your iPhone, iPad, or iPod touch"). However, if the Boot ROM fails to load, the device will enter a special low-level recovery mode called Device Firmware Upgrade (DFU). This is the last resort for restoring the device to its original state. In this mode, the device will show no sign of activity; i.e., its screen won't display anything. 49 | 50 | This entire process is called the "Secure Boot Chain". Its purpose is focused on verifying the boot process integrity, ensuring that the system and its components are written and distributed by Apple. The Secure Boot chain consists of the kernel, the bootloader, the kernel extension, and the baseband firmware. 51 | 52 | ### Code Signing 53 | 54 | Apple has implemented an elaborate DRM system to make sure that only Apple-approved code runs on their devices, that is, code signed by Apple. In other words, you won't be able to run any code on an iOS device that hasn't been jailbroken unless Apple explicitly allows it. End users are supposed to install apps through the official Apple's App Store only. For this reason (and others), iOS has been [compared to a crystal prison](https://www.eff.org/deeplinks/2012/05/apples-crystal-prison-and-future-open-platforms "Apple\'s Crystal Prison and the Future of Open Platforms"). 55 | 56 | A developer profile and an Apple-signed certificate are required to deploy and run an application. 57 | Developers need to register with Apple, join the [Apple Developer Program](https://developer.apple.com/support/compare-memberships/ "Membership for Apple Developer Program") and pay a yearly subscription to get the full range of development and deployment possibilities. There's also a free developer account that allows you to compile and deploy apps (but not distribute them in the App Store) via sideloading. 58 | 59 | 60 | 61 | According to the [Archived Apple Developer Documentation](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html#//apple_ref/doc/uid/TP40005929-CH3-SW3) the code signature consists of three parts: 62 | 63 | - A seal. This is a collection of checksums or hashes of the various parts of the code, created by the code signing software. The seal can be used at verification time to detect alterations. 64 | - A digital signature. The code signing software encrypts the seal using the signer’s identity to create a digital signature. This guarantees the seal’s integrity. 65 | - Code requirements. These are the rules governing verification of the code signature. Depending on the goals, some are inherent to the verifier, while others are specified by the signer and sealed with the rest of the code. 66 | 67 | Learn more: 68 | 69 | - [Code Signing Guide (Archived Apple Developer Documentation)](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html) 70 | - [Code Signing (Apple Developer Documentation)](https://developer.apple.com/support/code-signing/) 71 | - [Demystifying iOS Code Signature](https://medium.com/csit-tech-blog/demystifying-ios-code-signature-309d52c2ff1d) 72 | 73 | ### Encryption and Data Protection 74 | 75 | _FairPlay Code Encryption_ is applied to apps downloaded from the App Store. FairPlay was developed as a DRM when purchasing multimedia content. Originally, FairPlay encryption was applied to MPEG and QuickTime streams, but the same basic concepts can also be applied to executable files. The basic idea is as follows: Once you register a new Apple user account, or Apple ID, a public/private key pair will be created and assigned to your account. The private key is securely stored on your device. This means that FairPlay-encrypted code can be decrypted only on devices associated with your account. Reverse FairPlay encryption is usually obtained by running the app on the device, then dumping the decrypted code from memory (see also "Basic Security Testing on iOS"). 76 | 77 | Apple has built encryption into the hardware and firmware of its iOS devices since the release of the iPhone 3GS. Every device has a dedicated hardware-based cryptographic engine that provides an implementation of the AES 256-bit encryption and the SHA-1 hashing algorithms. In addition, there's a unique identifier (UID) built into each device's hardware with an AES 256-bit key fused into the Application Processor. This UID is unique and not recorded elsewhere. At the time of writing, neither software nor firmware can directly read the UID. Because the key is burned into the silicon chip, it can't be tampered with or bypassed. Only the crypto engine can access it. 78 | 79 | Building encryption into the physical architecture makes it a default security feature that can encrypt all data stored on an iOS device. As a result, data protection is implemented at the software level and works with the hardware and firmware encryption to provide more security. 80 | 81 | When data protection is enabled, by simply establishing a passcode in the mobile device, each data file is associated with a specific protection class. Each class supports a different level of accessibility and protects data on the basis of when the data needs to be accessed. The encryption and decryption operations associated with each class are based on multiple key mechanisms that utilize the device's UID and passcode, a class key, a file system key, and a per-file key. The per-file key is used to encrypt the file's contents. The class key is wrapped around the per-file key and stored in the file's metadata. The file system key is used to encrypt the metadata. The UID and passcode protect the class key. This operation is invisible to users. To enable data protection, the passcode must be used when accessing the device. The passcode unlocks the device. Combined with the UID, the passcode also creates iOS encryption keys that are more resistant to hacking and brute-force attacks. Enabling data protection is the main reason for users to use passcodes on their devices. 82 | 83 | ### Sandbox 84 | 85 | The [appsandbox](https://developer.apple.com/library/content/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystemOverview/FileSystemOverview.html "File System Basics") is an iOS access control technology. It is enforced at the kernel level. Its purpose is limiting system and user data damage that may occur when an app is compromised. 86 | 87 | Sandboxing has been a core security feature since the first release of iOS. All third-party apps run under the same user (`mobile`), and only a few system applications and services run as `root` (or other specific system users). Regular iOS apps are confined to a _container_ that restricts access to the app's own files and a very limited number of system APIs. Access to all resources (such as files, network sockets, IPCs, and shared memory) are controlled by the sandbox. These restrictions work as follows [#levin]: 88 | 89 | - The app process is restricted to its own directory (under /var/mobile/Containers/ Bundle/Application/ or /var/containers/Bundle/Application/, depending on the iOS version) via a chroot-like process. 90 | - The `mmap` and `mmprotect` system calls are modified to prevent apps from making writable memory pages executable and stopping processes from executing dynamically generated code. In combination with code signing and FairPlay, this strictly limits what code can run under specific circumstances (e.g., all code in apps distributed via the App Store is approved by Apple). 91 | - Processes are isolated from each other, even if they are owned by the same UID at the operating system level. 92 | - Hardware drivers can't be accessed directly. Instead, they must be accessed through Apple's public frameworks. 93 | 94 | ### General Exploit Mitigations 95 | 96 | iOS implements address space layout randomization (ASLR) and eXecute Never (XN) bit to mitigate code execution attacks. 97 | 98 | ASLR randomizes the memory location of the program's executable file, data, heap, and stack every time the program is executed. Because the shared libraries must be static to be accessed by multiple processes, the addresses of shared libraries are randomized every time the OS boots instead of every time the program is invoked. This makes specific function and library memory addresses hard to predict, thereby preventing attacks such as the return-to-libc attack, which involves the memory addresses of basic libc functions. 99 | 100 | The XN mechanism allows iOS to mark selected memory segments of a process as non-executable. On iOS, the process stack and heap of user-mode processes is marked non-executable. Pages that are writable cannot be marked executable at the same time. This prevents attackers to execute machine code injected into the stack or heap. 101 | 102 | ## Software Development on iOS 103 | 104 | Like other platforms, Apple provides a Software Development Kit (SDK) that helps developers to develop, install, run, and test native iOS Apps. Xcode is an Integrated Development Environment (IDE) for Apple software development. iOS applications are developed in Objective-C or Swift. 105 | 106 | Objective-C is an object-oriented programming language that adds Smalltalk-style messaging to the C programming language. It is used on macOS to develop desktop applications and on iOS to develop mobile applications. Swift is the successor of Objective-C and allows interoperability with Objective-C. 107 | 108 | Swift was introduced with Xcode 6 in 2014. 109 | 110 | On a non-jailbroken device, there are two ways to install an application out of the App Store: 111 | 112 | 1. via Enterprise Mobile Device Management. This requires a company-wide certificate signed by Apple. 113 | 2. via sideloading, i.e., by signing an app with a developer's certificate and installing it on the device via Xcode (or Cydia Impactor). A limited number of devices can be installed to with the same certificate. 114 | 115 | ## Apps on iOS 116 | 117 | iOS apps are distributed in IPA (iOS App Store Package) archives. The IPA file is a ZIP-compressed archive that contains all the code and resources required to execute the app. 118 | 119 | IPA files have a built-in directory structure. The example below shows this structure at a high level: 120 | 121 | - `/Payload/` folder contains all the application data. We will come back to the contents of this folder in more detail. 122 | - `/Payload/Application.app` contains the application data itself (ARM-compiled code) and associated static resources. 123 | - `/iTunesArtwork` is a 512x512 pixel PNG image used as the application's icon. 124 | - `/iTunesMetadata.plist` contains various bits of information, including the developer's name and ID, the bundle identifier, copyright information, genre, the name of the app, release date, purchase date, etc. 125 | - `/WatchKitSupport/WK` is an example of an extension bundle. This specific bundle contains the extension delegate and the controllers for managing the interfaces and responding to user interactions on an Apple Watch. 126 | 127 | ### IPA Payloads - A Closer Look 128 | 129 | Let's take a closer look at the different files in the IPA container. Apple uses a relatively flat structure with few extraneous directories to save disk space and simplify file access. The top-level bundle directory contains the application's executable file and all the resources the application uses (for example, the application icon, other images, and localized content . 130 | 131 | - **MyApp**: The executable file containing the compiled (unreadable) application source code. 132 | - **Application**: Application icons. 133 | - **Info.plist**: Configuration information, such as bundle ID, version number, and application display name. 134 | - **Launch images**: Images showing the initial application interface in a specific orientation. The system uses one of the provided launch images as a temporary background until the application is fully loaded. 135 | - **MainWindow.nib**: Default interface objects that are loaded when the application is launched. Other interface objects are then either loaded from other nib files or created programmatically by the application. 136 | - **Settings.bundle**: Application-specific preferences to be displayed in the Settings app. 137 | - **Custom resource files**: Non-localized resources are placed in the top-level directory and localized resources are placed in language-specific subdirectories of the application bundle. Resources include nib files, images, sound files, configuration files, strings files, and any other custom data files the application uses. 138 | 139 | A language.lproj folder exists for each language that the application supports. It contains a storyboard and strings file. 140 | 141 | - A storyboard is a visual representation of the iOS application's user interface. It shows screens and the connections between those screens. 142 | - The strings file format consists of one or more key-value pairs and optional comments. 143 | 144 | 145 | 146 | On a jailbroken device, you can recover the IPA for an installed iOS app using different tools that allow decrypting the main app binary and reconstruct the IPA file. Similarly, on a jailbroken device you can install the IPA file with [IPA Installer](https://github.com/autopear/ipainstaller "IPA Installer"). During mobile security assessments, developers often give you the IPA directly. They can send you the actual file or provide access to the development-specific distribution platform they use, e.g. [TestFlight](https://developer.apple.com/testflight/ "TestFlight") or [Visual Studio App Center](https://appcenter.ms/ "Visual Studio App Center"). 147 | 148 | ### App Permissions 149 | 150 | In contrast to Android apps (before Android 6.0 (API level 23)), iOS apps don't have pre-assigned permissions. Instead, the user is asked to grant permission during runtime, when the app attempts to use a sensitive API for the first time. Apps that have been granted permissions are listed in the Settings > Privacy menu, allowing the user to modify the app-specific setting. Apple calls this permission concept [privacy controls](https://support.apple.com/en-sg/HT203033 "Apple - About privacy and Location Services in iOS 8 and later"). 151 | 152 | iOS developers can't set requested permissions directly, these will be requested indirectly when accessing sensitive APIs. For example, when accessing a user's contacts, any call to CNContactStore blocks the app while the user is being asked to grant or deny access. Starting with iOS 10.0, apps must include usage description keys for the types of permissions they request and data they need to access (e.g., NSContactsUsageDescription). 153 | 154 | The following APIs [require user permission](https://www.apple.com/business/docs/iOS_Security_Guide.pdf "iOS Security Guide. Page 62"): 155 | 156 | - Contacts 157 | - Microphone 158 | - Calendars 159 | - Camera 160 | - Reminders 161 | - HomeKit 162 | - Photos 163 | - Health 164 | - Motion activity and fitness 165 | - Speech recognition 166 | - Location Services 167 | - Bluetooth sharing 168 | - Media Library 169 | - Social media accounts 170 | 171 | ## iOS Application Attack surface 172 | 173 | The iOS application attack surface consists of all components of the application, including the supportive material necessary to release the app and to support its functioning. The iOS application may be vulnerable to attack if it does not: 174 | 175 | - Validate all input by means of IPC communication or URL schemes, see also: 176 | - [Testing Custom URL Schemes](0x06h-Testing-Platform-Interaction.md#testing-custom-url-schemes-mstg-platform-3) 177 | - Validate all input by the user in input fields. 178 | - Validate the content loaded inside a WebView, see also: 179 | - [Testing iOS WebViews](0x06h-Testing-Platform-Interaction.md#testing-ios-webviews-mstg-platform-5) 180 | - [Determining Whether Native Methods Are Exposed Through WebViews](0x06h-Testing-Platform-Interaction.md#determining-whether-native-methods-are-exposed-through-webviews-mstg-platform-7) 181 | - Securely communicate with backend servers or is susceptible to man-in-the-middle (MITM) attacks between the server and the mobile application, see also: 182 | - [Testing Network Communication](0x04f-Testing-Network-Communication.md#testing-network-communication) 183 | - [iOS Network Communication](0x06g-Testing-Network-Communication.md) 184 | - Securely stores all local data, or loads untrusted data from storage, see also: 185 | - [Data Storage on iOS](0x06d-Testing-Data-Storage.md#data-storage-on-ios) 186 | - Protect itself against compromised environments, repackaging or other local attacks, see also: 187 | - [iOS Anti-Reversing Defenses](0x06j-Testing-Resiliency-Against-Reverse-Engineering.md#ios-anti-reversing-defenses) 188 | -------------------------------------------------------------------------------- /Document/0x06f-Testing-Local-Authentication.md: -------------------------------------------------------------------------------- 1 | # iOS Local Authentication 2 | 3 | During local authentication, an app authenticates the user against credentials stored locally on the device. In other words, the user "unlocks" the app or some inner layer of functionality by providing a valid PIN, password or biometric characteristics such as face or fingerprint, which is verified by referencing local data. Generally, this is done so that users can more conveniently resume an existing session with a remote service or as a means of step-up authentication to protect some critical function. 4 | 5 | As stated before in chapter "[Mobile App Authentication Architectures](0x04e-Testing-Authentication-and-Session-Management.md)": The tester should be aware that local authentication should always be enforced at a remote endpoint or based on a cryptographic primitive. Attackers can easily bypass local authentication if no data returns from the authentication process. 6 | 7 | ## Testing Local Authentication (MSTG-AUTH-8 and MSTG-STORAGE-11) 8 | 9 | On iOS, a variety of methods are available for integrating local authentication into apps. The [Local Authentication framework](https://developer.apple.com/documentation/localauthentication "Local Authentication framework") provides a set of APIs for developers to extend an authentication dialog to a user. In the context of connecting to a remote service, it is possible (and recommended) to leverage the [keychain](https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html "Keychain Services") for implementing local authentication. 10 | 11 | Fingerprint authentication on iOS is known as _Touch ID_. The fingerprint ID sensor is operated by the [SecureEnclave security coprocessor](https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf "Demystifying the Secure Enclave Processor by Tarjei Mandt, Mathew Solnik, and David Wang") and does not expose fingerprint data to any other parts of the system. Next to Touch ID, Apple introduced _Face ID_: which allows authentication based on facial recognition. Both use similar APIs on an application level, the actual method of storing the data and retrieving the data (e.g. facial data or fingerprint related data is different). 12 | 13 | Developers have two options for incorporating Touch ID/Face ID authentication: 14 | 15 | - `LocalAuthentication.framework` is a high-level API that can be used to authenticate the user via Touch ID. The app can't access any data associated with the enrolled fingerprint and is notified only whether authentication was successful. 16 | - `Security.framework` is a lower level API to access [keychain services](https://developer.apple.com/documentation/security/keychain_services "keychain Services"). This is a secure option if your app needs to protect some secret data with biometric authentication, since the access control is managed on a system-level and can not easily be bypassed. `Security.framework` has a C API, but there are several [open source wrappers available](https://www.raywenderlich.com/147308/secure-ios-user-data-keychain-touch-id "How To Secure iOS User Data: The keychain and Touch ID"), making access to the keychain as simple as to NSUserDefaults. `Security.framework` underlies `LocalAuthentication.framework`; Apple recommends to default to higher-level APIs whenever possible. 17 | 18 | Please be aware that using either the `LocalAuthentication.framework` or the `Security.framework`, will be a control that can be bypassed by an attacker as it does only return a boolean and no data to proceed with. See [Don't touch me that way, by David Lindner et al](https://www.youtube.com/watch?v=XhXIHVGCFFM "Don\'t Touch Me That Way - David Lindner") for more details. 19 | 20 | ### Local Authentication Framework 21 | 22 | The Local Authentication framework provides facilities for requesting a passphrase or Touch ID authentication from users. Developers can display and utilize an authentication prompt by utilizing the function `evaluatePolicy` of the `LAContext` class. 23 | 24 | Two available policies define acceptable forms of authentication: 25 | 26 | - `deviceOwnerAuthentication`(Swift) or `LAPolicyDeviceOwnerAuthentication`(Objective-C): When available, the user is prompted to perform Touch ID authentication. If Touch ID is not activated, the device passcode is requested instead. If the device passcode is not enabled, policy evaluation fails. 27 | 28 | - `deviceOwnerAuthenticationWithBiometrics` (Swift) or `LAPolicyDeviceOwnerAuthenticationWithBiometrics`(Objective-C): Authentication is restricted to biometrics where the user is prompted for Touch ID. 29 | 30 | The `evaluatePolicy` function returns a boolean value indicating whether the user has authenticated successfully. 31 | 32 | The Apple Developer website offers code samples for both [Swift](https://developer.apple.com/documentation/localauthentication "LocalAuthentication") and [Objective-C](https://developer.apple.com/documentation/localauthentication?language=objc "LocalAuthentication"). A typical implementation in Swift looks as follows. 33 | 34 | ```default 35 | let context = LAContext() 36 | var error: NSError? 37 | 38 | guard context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) else { 39 | // Could not evaluate policy; look at error and present an appropriate message to user 40 | } 41 | 42 | context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Please, pass authorization to enter this area") { success, evaluationError in 43 | guard success else { 44 | // User did not authenticate successfully, look at evaluationError and take appropriate action 45 | } 46 | 47 | // User authenticated successfully, take appropriate action 48 | } 49 | ``` 50 | 51 | - _Touch ID authentication in Swift using the Local Authentication Framework (official code sample from Apple)._ 52 | 53 | ### Using Keychain Services for Local Authentication 54 | 55 | The iOS keychain APIs can (and should) be used to implement local authentication. During this process, the app stores either a secret authentication token or another piece of secret data identifying the user in the keychain. In order to authenticate to a remote service, the user must unlock the keychain using their passphrase or fingerprint to obtain the secret data. 56 | 57 | The keychain allows saving items with the special `SecAccessControl` attribute, which will allow access to the item from the keychain only after the user has passed Touch ID authentication (or passcode, if such a fallback is allowed by attribute parameters). 58 | 59 | In the following example we will save the string "test_strong_password" to the keychain. The string can be accessed only on the current device while the passcode is set (`kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly` parameter) and after Touch ID authentication for the currently enrolled fingers only (`SecAccessControlCreateFlags.biometryCurrentSet` parameter): 60 | 61 | #### Swift 62 | 63 | ```default 64 | // 1. Create the AccessControl object that will represent authentication settings 65 | 66 | var error: Unmanaged? 67 | 68 | guard let accessControl = SecAccessControlCreateWithFlags(kCFAllocatorDefault, 69 | kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, 70 | SecAccessControlCreateFlags.biometryCurrentSet, 71 | &error) else { 72 | // failed to create AccessControl object 73 | 74 | return 75 | } 76 | 77 | // 2. Create the keychain services query. Pay attention that kSecAttrAccessControl is mutually exclusive with kSecAttrAccessible attribute 78 | 79 | var query: [String: Any] = [:] 80 | 81 | query[kSecClass as String] = kSecClassGenericPassword 82 | query[kSecAttrLabel as String] = "com.me.myapp.password" as CFString 83 | query[kSecAttrAccount as String] = "OWASP Account" as CFString 84 | query[kSecValueData as String] = "test_strong_password".data(using: .utf8)! as CFData 85 | query[kSecAttrAccessControl as String] = accessControl 86 | 87 | // 3. Save the item 88 | 89 | let status = SecItemAdd(query as CFDictionary, nil) 90 | 91 | if status == noErr { 92 | // successfully saved 93 | } else { 94 | // error while saving 95 | } 96 | 97 | // 4. Now we can request the saved item from the keychain. Keychain services will present the authentication dialog to the user and return data or nil depending on whether a suitable fingerprint was provided or not. 98 | 99 | // 5. Create the query 100 | var query = [String: Any]() 101 | query[kSecClass as String] = kSecClassGenericPassword 102 | query[kSecReturnData as String] = kCFBooleanTrue 103 | query[kSecAttrAccount as String] = "My Name" as CFString 104 | query[kSecAttrLabel as String] = "com.me.myapp.password" as CFString 105 | query[kSecUseOperationPrompt as String] = "Please, pass authorisation to enter this area" as CFString 106 | 107 | // 6. Get the item 108 | var queryResult: AnyObject? 109 | let status = withUnsafeMutablePointer(to: &queryResult) { 110 | SecItemCopyMatching(query as CFDictionary, UnsafeMutablePointer($0)) 111 | } 112 | 113 | if status == noErr { 114 | let password = String(data: queryResult as! Data, encoding: .utf8)! 115 | // successfully received password 116 | } else { 117 | // authorization not passed 118 | } 119 | 120 | ``` 121 | 122 | #### Objective-C 123 | 124 | ```objectivec 125 | // 1. Create the AccessControl object that will represent authentication settings 126 | CFErrorRef *err = nil; 127 | 128 | SecAccessControlRef sacRef = SecAccessControlCreateWithFlags(kCFAllocatorDefault, 129 | kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, 130 | kSecAccessControlUserPresence, 131 | err); 132 | 133 | // 2. Create the keychain services query. Pay attention that kSecAttrAccessControl is mutually exclusive with kSecAttrAccessible attribute 134 | NSDictionary* query = @{ 135 | (_ _bridge id)kSecClass: (__bridge id)kSecClassGenericPassword, 136 | (__bridge id)kSecAttrLabel: @"com.me.myapp.password", 137 | (__bridge id)kSecAttrAccount: @"OWASP Account", 138 | (__bridge id)kSecValueData: [@"test_strong_password" dataUsingEncoding:NSUTF8StringEncoding], 139 | (__bridge id)kSecAttrAccessControl: (__bridge_transfer id)sacRef 140 | }; 141 | 142 | // 3. Save the item 143 | OSStatus status = SecItemAdd((__bridge CFDictionaryRef)query, nil); 144 | 145 | if (status == noErr) { 146 | // successfully saved 147 | } else { 148 | // error while saving 149 | } 150 | 151 | // 4. Now we can request the saved item from the keychain. Keychain services will present the authentication dialog to the user and return data or nil depending on whether a suitable fingerprint was provided or not. 152 | 153 | // 5. Create the query 154 | NSDictionary *query = @{(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword, 155 | (__bridge id)kSecReturnData: @YES, 156 | (__bridge id)kSecAttrAccount: @"My Name1", 157 | (__bridge id)kSecAttrLabel: @"com.me.myapp.password", 158 | (__bridge id)kSecUseOperationPrompt: @"Please, pass authorisation to enter this area" }; 159 | 160 | // 6. Get the item 161 | CFTypeRef queryResult = NULL; 162 | OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &queryResult); 163 | 164 | if (status == noErr){ 165 | NSData* resultData = ( __bridge_transfer NSData* )queryResult; 166 | NSString* password = [[NSString alloc] initWithData:resultData encoding:NSUTF8StringEncoding]; 167 | NSLog(@"%@", password); 168 | } else { 169 | NSLog(@"Something went wrong"); 170 | } 171 | ``` 172 | 173 | The usage of frameworks in an app can also be detected by analyzing the app binary's list of shared dynamic libraries. This can be done by using [otool](0x08a-Testing-Tools.md#otool): 174 | 175 | ```bash 176 | otool -L .app/ 177 | ``` 178 | 179 | If `LocalAuthentication.framework` is used in an app, the output will contain both of the following lines (remember that `LocalAuthentication.framework` uses `Security.framework` under the hood): 180 | 181 | ```bash 182 | /System/Library/Frameworks/LocalAuthentication.framework/LocalAuthentication 183 | /System/Library/Frameworks/Security.framework/Security 184 | ``` 185 | 186 | If `Security.framework` is used, only the second one will be shown. 187 | 188 | ### Static Analysis 189 | 190 | It is important to remember that the LocalAuthentication framework is an event-based procedure and as such, should not be the sole method of authentication. Though this type of authentication is effective on the user-interface level, it is easily bypassed through patching or instrumentation. Therefore, it is best to use the keychain service method, which means you should: 191 | 192 | - Verify that sensitive processes, such as re-authenticating a user performing a payment transaction, are protected using the keychain services method. 193 | - Verify that access control flags are set for the keychain item which ensure that the data of the keychain item can only be unlocked by means of authenticating the user. This can be done with one of the following flags: 194 | - `kSecAccessControlBiometryCurrentSet` (before iOS 11.3 `kSecAccessControlTouchIDCurrentSet`). This will make sure that a user needs to authenticate with biometrics (e.g. Face ID or Touch ID) before accessing the data in the keychain item. Whenever the user adds a fingerprint or facial representation to the device, it will automatically invalidate the entry in the Keychain. This makes sure that the keychain item can only ever be unlocked by users that were enrolled when the item was added to the keychain. 195 | - `kSecAccessControlBiometryAny` (before iOS 11.3 `kSecAccessControlTouchIDAny`). This will make sure that a user needs to authenticate with biometrics (e.g. Face ID or Touch ID) before accessing the data in the Keychain entry. The Keychain entry will survive any (re-)enroling of new fingerprints or facial representation. This can be very convenient if the user has a changing fingerprint. However, it also means that attackers, who are somehow able to enrole their fingerprints or facial representations to the device, can now access those entries as well. 196 | - `kSecAccessControlUserPresence` can be used as an alternative. This will allow the user to authenticate through a passcode if the biometric authentication no longer works. This is considered to be weaker than `kSecAccessControlBiometryAny` since it is much easier to steal someone's passcode entry by means of shouldersurfing, than it is to bypass the Touch ID or Face ID service. 197 | - In order to make sure that biometrics can be used, verify that the `kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly` or the `kSecAttrAccessibleWhenPasscodeSet` protection class is set when the `SecAccessControlCreateWithFlags` method is called. Note that the `...ThisDeviceOnly` variant will make sure that the keychain item is not synchronized with other iOS devices. 198 | 199 | > Note, a data protection class specifies the access methodology used to secure the data. Each class uses different policies to determine when the data 200 | is accessible. 201 | 202 | ### Dynamic Analysis 203 | 204 | [Objection Biometrics Bypass](https://github.com/sensepost/objection/wiki/Understanding-the-iOS-Biometrics-Bypass "Understanding the iOS Biometrics Bypass") can be used to bypass LocalAuthentication. Objection uses Frida to instrument the `evaluatePolicy` function so that it returns `True` even if authentication was not successfully performed. Use the `ios ui biometrics_bypass` command to bypass the insecure biometric authentication. Objection will register a job, which will replace the `evaluatePolicy` result. It will work in both, Swift and Objective-C implementations. 205 | 206 | ```bash 207 | ...itudehacks.DVIAswiftv2.develop on (iPhone: 13.2.3) [usb] # ios ui biometrics_bypass 208 | (agent) Registering job 3mhtws9x47q. Type: ios-biometrics-disable 209 | ...itudehacks.DVIAswiftv2.develop on (iPhone: 13.2.3) [usb] # (agent) [3mhtws9x47q] Localized Reason for auth requirement: Please authenticate yourself 210 | (agent) [3mhtws9x47q] OS authentication response: false 211 | (agent) [3mhtws9x47q] Marking OS response as True instead 212 | (agent) [3mhtws9x47q] Biometrics bypass hook complete 213 | ``` 214 | 215 | If vulnerable, the module will automatically bypass the login form. 216 | 217 | ## Note regarding temporariness of keys in the Keychain 218 | 219 | Unlike macOS and Android, iOS currently (at iOS 12) does not support temporariness of an item's accessibility in the keychain: when there is no additional security check when entering the keychain (e.g. `kSecAccessControlUserPresence` or similar is set), then once the device is unlocked, a key will be accessible. 220 | 221 | ## References 222 | 223 | ### OWASP MASVS 224 | 225 | - MSTG-AUTH-8: "Biometric authentication, if any, is not event-bound (i.e. using an API that simply returns "true" or "false"). Instead, it is based on unlocking the keychain/keystore." 226 | - MSTG-STORAGE-11: "The app enforces a minimum device-access-security policy, such as requiring the user to set a device passcode." 227 | -------------------------------------------------------------------------------- /Document/0x08b-Reference-Apps.md: -------------------------------------------------------------------------------- 1 | # Reference applications 2 | 3 | The applications listed below can be used as training materials. Note: only the MASTG apps and Crackmes are tested and maintained by the MAS project. 4 | 5 | ## Android 6 | 7 | ### Android Crackmes 8 | 9 | A set of apps to test your Android application hacking skills - 10 | 11 | #### Android UnCrackable L1 12 | 13 | Available at 14 | 15 | #### Android UnCrackable L2 16 | 17 | Available at 18 | 19 | #### Android UnCrackable L3 20 | 21 | Available at 22 | 23 | #### Android UnCrackable L4 24 | 25 | Available at 26 | 27 | #### Android License Validator 28 | 29 | Available at 30 | 31 | ### AndroGoat 32 | 33 | An open source vulnerable/insecure app using Kotlin. This app has a wide range of vulnerabilities related to certificate pinning, custom URL schemes, Android Network Security Configuration, WebViews, root detection and over 20 other vulnerabilities - 34 | 35 | ### DVHMA 36 | 37 | A hybrid mobile app (for Android) that intentionally contains vulnerabilities - 38 | 39 | ### Digitalbank 40 | 41 | A vulnerable app created in 2015, which can be used on older Android platforms - 42 | 43 | ### DIVA Android 44 | 45 | An app intentionally designed to be insecure which has received updates in 2016 and contains 13 different challenges - 46 | 47 | ### DodoVulnerableBank 48 | 49 | An insecure Android app from 2015 - 50 | 51 | ### InsecureBankv2 52 | 53 | A vulnerable Android app made for security enthusiasts and developers to learn the Android insecurities by testing a vulnerable application. It has been updated in 2018 and contains a lot of vulnerabilities - 54 | 55 | ### MASTG Hacking Playground 56 | 57 | A vulnerable Android app with vulnerabilities similar to the test cases described in this document 58 | 59 | #### MASTG Hacking Playground (Java) 60 | 61 | Available at 62 | 63 | #### MASTG Hacking Playground (Kotlin) 64 | 65 | Available at 66 | 67 | ### OVAA 68 | 69 | An Android app that aggregates all the platform's known and popular security vulnerabilities - 70 | 71 | ## iOS 72 | 73 | ### iOS Crackmes 74 | 75 | A set of applications to test your iOS application hacking skills - 76 | 77 | #### iOS UnCrackable L1 78 | 79 | Available at 80 | 81 | #### iOS UnCrackable L2 82 | 83 | Available at 84 | 85 | ### Myriam 86 | 87 | A vulnerable iOS app with iOS security challenges - 88 | 89 | ### DVIA 90 | 91 | A vulnerable iOS app written in Objective-C which provides a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills - 92 | 93 | ### DVIA-v2 94 | 95 | A vulnerable iOS app, written in Swift with over 15 vulnerabilities - 96 | 97 | ### iGoat 98 | 99 | An iOS Objective-C app serving as a learning tool for iOS developers (iPhone, iPad, etc.) and mobile app pentesters. It was inspired by the WebGoat project, and has a similar conceptual flow to it - 100 | 101 | ### iGoat-Swift 102 | 103 | A Swift version of original iGoat project - 104 | 105 | ### OVIA 106 | 107 | An iOS app that aggregates all the platform's known and popular security vulnerabilities - 108 | 109 | ### UnSAFE Bank 110 | 111 | UnSAFE Bank is a core virtual banking application designed with the aim to incorporate the cybersecurity risks and various test cases such that newbie, developers, and security analysts can learn, hack and improvise their vulnerability assessment and penetration testing skills. - 112 | -------------------------------------------------------------------------------- /Document/0x09-Suggested-Reading.md: -------------------------------------------------------------------------------- 1 | # Suggested Reading 2 | 3 | ## Mobile App Security 4 | 5 | ### Android 6 | 7 | - Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehous (2015) _Mobile Application Hacker's Handbook_. Wiley. Available at: 8 | - Joshua J. Drake, Zach Lanier, Collin Mulliner, Pau Oliva, Stephen A. Ridley, Georg Wicherski (2014) _Android Hacker's Handbook_. Wiley. Available at: 9 | - Godfrey Nolan (2014) _Bulletproof Android_. Addison-Wesley Professional. Available at: 10 | - Nikolay Elenkov (2014) _Android Security Internals: An In-Depth Guide to Android's Security Architecture_. No Starch Press. Available at: 11 | - Jonathan Levin (2015) _Android Internals :: A confectioners cookbook - Volume I: The power user's view_. Technologeeks.com. Available at: 12 | 13 | ### iOS 14 | 15 | - Charlie Miller, Dionysus Blazakis, Dino Dai Zovi, Stefan Esser, Vincenzo Iozzo, Ralf-Philipp Weinmann (2012) _iOS Hacker's Handbook_. Wiley. Available at: 16 | - David Thiel (2016) _iOS Application Security, The Definitive Guide for Hackers and Developers_. no starch press. Available at: 17 | - Jonathan Levin (2017), _Mac OS X and iOS Internals_, Wiley. Available at: 18 | 19 | ## Reverse Engineering 20 | 21 | - Bruce Dang, Alexandre Gazet, Elias Backaalany (2014) _Practical Reverse Engineering_. Wiley. Available at: 22 | - Skakenunny, Hangcom _iOS App Reverse Engineering_. Online. Available at: 23 | - Bernhard Mueller (2016) _Hacking Soft Tokens - Advanced Reverse Engineering on Android_. HITB GSEC Singapore. Available at: 24 | - Dennis Yurichev (2016) _Reverse Engineering for Beginners_. Online. Available at: 25 | - Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters (2014) _The Art of Memory Forensics._ Wiley. Available at: 26 | - Jacob Baines (2016) _Programming Linux Anti-Reversing Techniques_. Leanpub. Available at: 27 | -------------------------------------------------------------------------------- /Document/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All our Changelogs are available online at the OWASP MASTG GitHub repository, see the Releases page: 4 | 5 | 6 | -------------------------------------------------------------------------------- /Document/Images/CC-license.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/CC-license.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x03/owasp-mobile-overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x03/owasp-mobile-overview.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04/frida.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04/frida.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04b/DevSecOpsProcess.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04b/DevSecOpsProcess.JPG -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04b/ExampleOfADevSecOpsProcess.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04b/ExampleOfADevSecOpsProcess.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04b/SDLCOverview.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04b/SDLCOverview.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04c/Ghidra_elf_import.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04c/Ghidra_elf_import.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04c/Ghidra_function_graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04c/Ghidra_function_graph.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04c/Ghidra_import_binary.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04c/Ghidra_import_binary.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04c/Ghidra_main_window.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04c/Ghidra_main_window.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04c/Ghidra_new_project.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04c/Ghidra_new_project.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04c/Ghidra_string_window.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04c/Ghidra_string_window.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04e/BurpIntruderInputList.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04e/BurpIntruderInputList.gif -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04e/BurpIntruderInputList.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04e/BurpIntruderInputList.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04e/BurpIntruderSuccessfulAttack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04e/BurpIntruderSuccessfulAttack.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04e/abstract_oath2_flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04e/abstract_oath2_flow.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04e/zxcvbn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04e/zxcvbn.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04f/BURP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04f/BURP.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04f/architecture_MITM_AP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04f/architecture_MITM_AP.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04f/bettercap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04f/bettercap.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04f/burp_xamarin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04f/burp_xamarin.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x04i/masa_framework.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x04i/masa_framework.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05a/Selection_003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05a/Selection_003.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05a/android_software_stack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05a/android_software_stack.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05a/apk-validation-process-v3-scheme.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05a/apk-validation-process-v3-scheme.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05a/apk-validation-process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05a/apk-validation-process.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05a/binder.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05a/binder.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05a/java2oat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05a/java2oat.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05a/java_vs_dalvik.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05a/java_vs_dalvik.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/Android_Wireshark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/Android_Wireshark.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/FCM-notifications-overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/FCM-notifications-overview.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/FCM-notifications-overview.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | Produced by OmniGraffle 6.4 2016-02-05 18:02:43 +0000Canvas 2Layer 1Downstream MessageUpstream MessageDownstream MessageApp ServerHTTPXMPPGCM Connection ServerClient AppDownstream MessageHTTP responseDown/UpstreamMessage with ACKAndroid.ChromeiOS. 4 | -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/FCM_Intercept.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/FCM_Intercept.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-advanced-options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-advanced-options.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-cert-install.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-cert-install.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-confirm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-confirm.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-downloads-app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-downloads-app.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-modify-network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-modify-network.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-proxy-hostname-port.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-proxy-hostname-port.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-proxy-manual.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-proxy-manual.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-settings.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-studio-file-device-explorer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-studio-file-device-explorer.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-wifi-on.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-wifi-on.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android-wifi-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android-wifi-settings.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/android_ssl_pinning_bypass.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/android_ssl_pinning_bypass.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/burp-add-proxy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/burp-add-proxy.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/burp-bind-port-and-address.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/burp-bind-port-and-address.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/burp-ca-certificate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/burp-ca-certificate.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/burp-https-intercepted.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/burp-https-intercepted.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/burp-intercepted-request.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/burp-intercepted-request.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/burp-running-proxy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/burp-running-proxy.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/emulator-proxy.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/emulator-proxy.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/emulator-proxy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/emulator-proxy.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/log_output_Android_Studio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/log_output_Android_Studio.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/mail-cert-download.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/mail-cert-download.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/mobsf_android.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/mobsf_android.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/mstg-network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/mstg-network.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/r2_graphmode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/r2_graphmode.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/r2_pd_10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/r2_pd_10.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/r2_visualmode_disass.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/r2_visualmode_disass.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/r2_visualmode_hex.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/r2_visualmode_hex.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/server.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/server.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/sftp-with-filezilla.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/sftp-with-filezilla.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/string.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/string.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05b/tcpdump_and_wireshard_on_android.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05b/tcpdump_and_wireshard_on_android.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/Choose_Process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/Choose_Process.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/Force_Step_Into.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/Force_Step_Into.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/Ghidra_decompiled_function.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/Ghidra_decompiled_function.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/IDA_open_file.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/IDA_open_file.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/JNI_interface.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/JNI_interface.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/MainActivity_verify.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/MainActivity_verify.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/anti_debug_anti_tamper_defeated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/anti_debug_anti_tamper_defeated.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/archs.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/archs.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/check_input.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/check_input.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/crackme-1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/crackme-1.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/crackme-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/crackme-1.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/crackme-2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/crackme-2.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/crackme-frida-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/crackme-frida-1.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/custom_kernel.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/custom_kernel.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/debugger_detection.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/debugger_detection.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/debugger_detection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/debugger_detection.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/delete_package.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/delete_package.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/developer-options.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/developer-options.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/developer-options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/developer-options.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/disass_main_1874.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/disass_main_1874.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/drag_code.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/drag_code.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/file_exists_false.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/file_exists_false.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/final_structure.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/final_structure.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/frida_trace_native_functions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/frida_trace_native_functions.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/fucntion_a_of_class_sg_vantagepoint_a.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/fucntion_a_of_class_sg_vantagepoint_a.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/ghidra_dex_strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/ghidra_dex_strings.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/graph_1874.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/graph_1874.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/graph_ifelse_1760.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/graph_ifelse_1760.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/helloworld.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/helloworld.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/helloworld.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/helloworld.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/helloworld_stringfromjni.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/helloworld_stringfromjni.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/intellij_new_project.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/intellij_new_project.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/jni_tracing_helloworldjni.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/jni_tracing_helloworldjni.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/loop_1784.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/loop_1784.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/method_breakpoint.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/method_breakpoint.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/modified_binary_name.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/modified_binary_name.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/patching-sslpinning.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/patching-sslpinning.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/pseudocode_1760.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/pseudocode_1760.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/refactored.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/refactored.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/sdk_manager.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/sdk_manager.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/secret_code.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/secret_code.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/set_breakpoint_and_attach_debugger.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/set_breakpoint_and_attach_debugger.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/set_value.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/set_value.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/sg_vantagepoint_uncrackable1_a_function_a.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/sg_vantagepoint_uncrackable1_a_function_a.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/step_out.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/step_out.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/step_over.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/step_over.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/success.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/syscall_hooking.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/syscall_hooking.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/values_compare_17dc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/values_compare_17dc.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/variables.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/variables.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05c/waitfordebugger.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05c/waitfordebugger.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05d/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05d/1.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05d/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05d/2.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05d/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05d/3.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05d/Android9_secure_key_import_to_keystore.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05d/Android9_secure_key_import_to_keystore.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05d/Android9_secure_key_import_to_keystore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05d/Android9_secure_key_import_to_keystore.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05d/Dump_Java_Heap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05d/Dump_Java_Heap.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05d/FirebaseScannerImage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05d/FirebaseScannerImage.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05d/Package_Tree_View.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05d/Package_Tree_View.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05f/biometricprompt-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05f/biometricprompt-architecture.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05h/MobSF_Show_Components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05h/MobSF_Show_Components.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05h/app-disambiguation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05h/app-disambiguation.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x05j/proguard.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x05j/proguard.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06a/code_signing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06a/code_signing.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06a/iOS_Folder_Structure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06a/iOS_Folder_Structure.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06a/iOS_Security_Architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06a/iOS_Security_Architecture.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06a/iOS_project_folder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06a/iOS_project_folder.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/HopperDecompile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/HopperDecompile.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/HopperDisassembling.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/HopperDisassembling.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/Passionfruit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/Passionfruit.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/Passionfruit_Keychain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/Passionfruit_Keychain.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/Passionfruit_files.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/Passionfruit_files.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/cydia.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/cydia.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/device_console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/device_console.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/finder_ipad_view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/finder_ipad_view.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/finder_unveil_udid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/finder_unveil_udid.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/fridaStockiOS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/fridaStockiOS.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/install_agent_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/install_agent_1.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/install_agent_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/install_agent_2.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/install_needle_agent.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/install_needle_agent.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/install_needle_agent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/install_needle_agent.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/ios_ssl_pinning_bypass.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/ios_ssl_pinning_bypass.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/mobsf_ios.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/mobsf_ios.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/needle_agent.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/needle_agent.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/needle_agent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/needle_agent.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/open_device_console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/open_device_console.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_bundle_dir.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_bundle_dir.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_classes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_classes.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_classes_detail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_classes_detail.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_console_logs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_console_logs.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_data_dir.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_data_dir.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_db_view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_db_view.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_file_download.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_file_download.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_installed_apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_installed_apps.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_modules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_modules.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_modules_detail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_modules_detail.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_plist_view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_plist_view.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/passionfruit_userdefaults.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/passionfruit_userdefaults.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/setBurpProxy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/setBurpProxy.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/setProxyiDevice.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/setProxyiDevice.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06b/wireshark_filters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06b/wireshark_filters.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/Cycript_Jailbreak.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/Cycript_Jailbreak.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/Cycript_Jailbreak_Passed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/Cycript_Jailbreak_Passed.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/Cycript_bypass_Jailbreak.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/Cycript_bypass_Jailbreak.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/cycript_sample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/cycript_sample.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/debugging_ghidra_breakpoint.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/debugging_ghidra_breakpoint.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/debugging_ghidra_image_base_address.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/debugging_ghidra_image_base_address.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/debugging_lldb_breakpoint_solution.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/debugging_lldb_breakpoint_solution.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/debugging_lldb_image_list.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/debugging_lldb_image_list.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/frida-xcode-log.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/frida-xcode-log.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/ida_macho_import.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/ida_macho_import.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/ida_main_window.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/ida_main_window.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_app_home_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_app_home_screen.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_app_home_screen2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_app_home_screen2.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_app_wrong_input.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_app_wrong_input.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_ghidra_buttonclick_decompiled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_ghidra_buttonclick_decompiled.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_ghidra_function_graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_ghidra_function_graph.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_ghidra_native_disassembly.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_ghidra_native_disassembly.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_ghidra_objc_runtime_strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_ghidra_objc_runtime_strings.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_ghidra_strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_ghidra_strings.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_ghidra_symbol_tree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_ghidra_symbol_tree.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/manual_reversing_ghidra_viewdidload_decompile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/manual_reversing_ghidra_viewdidload_decompile.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06c/uncrackable_sections.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06c/uncrackable_sections.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06d/bither_demo_enable_pin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06d/bither_demo_enable_pin.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06d/bither_demo_imazing_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06d/bither_demo_imazing_1.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06d/bither_demo_pin_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06d/bither_demo_pin_screen.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06d/bither_demo_plist.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06d/bither_demo_plist.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06d/key_hierarchy_apple.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06d/key_hierarchy_apple.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06g/manual-server-trust-evaluation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06g/manual-server-trust-evaluation.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/URL_scheme.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/URL_scheme.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/airdrop_openwith.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/airdrop_openwith.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/allowed_universal_link.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/allowed_universal_link.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/app_extensions_communication.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/app_extensions_communication.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/app_extensions_container_restrictions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/app_extensions_container_restrictions.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/apple-app-site-association-file_validation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/apple-app-site-association-file_validation.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/exploit_javascript_bridge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/exploit_javascript_bridge.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/forbidden_universal_link.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/forbidden_universal_link.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/iGoat_opened_via_url_scheme.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/iGoat_opened_via_url_scheme.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/open_in_telegram_via_universallink.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/open_in_telegram_via_universallink.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/open_in_telegram_via_urlscheme.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/open_in_telegram_via_urlscheme.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/permission_request_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/permission_request_alert.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/purpose_strings_xcode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/purpose_strings_xcode.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/settings_allow_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/settings_allow_screen.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/sfsafariviewcontroller.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/sfsafariviewcontroller.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/share_activity_sheet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/share_activity_sheet.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/telegram_add_stickers_universal_link.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/telegram_add_stickers_universal_link.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/telegram_share_extension.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/telegram_share_extension.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/telegram_share_something.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/telegram_share_something.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06h/xcode_embed_app_extensions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06h/xcode_embed_app_extensions.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/Android9_secure_key_import_to_keystore.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/Android9_secure_key_import_to_keystore.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/control-flow-flattening.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/control-flow-flattening.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/deviceISjailbroken.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/deviceISjailbroken.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/deviceisNOTjailbroken.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/deviceisNOTjailbroken.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/no_obfuscation.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/no_obfuscation.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/no_obfuscation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/no_obfuscation.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/ptraceDisassembly.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/ptraceDisassembly.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/ptracePatched.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/ptracePatched.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/swiftshield_obfuscated.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/swiftshield_obfuscated.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/swiftshield_obfuscated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/swiftshield_obfuscated.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/sysctlOriginal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/sysctlOriginal.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x06j/sysctlPatched.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x06j/sysctlPatched.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x07b/blackbox-resiliency-testing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x07b/blackbox-resiliency-testing.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x07b/boxplot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x07b/boxplot.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x07b/multiprocess-fork-ptrace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x07b/multiprocess-fork-ptrace.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x07c/ECB.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x07c/ECB.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x07c/EncryptionMode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x07c/EncryptionMode.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x08a/jadx_copy_frida_snippet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x08a/jadx_copy_frida_snippet.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x5e/EncryptionMode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x5e/EncryptionMode.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x5e/static_encryption_key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x5e/static_encryption_key.png -------------------------------------------------------------------------------- /Document/Images/Chapters/0x6f/biometric_auth_try_again.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x6f/biometric_auth_try_again.jpg -------------------------------------------------------------------------------- /Document/Images/Chapters/0x6f/boimetric_auth.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Chapters/0x6f/boimetric_auth.jpg -------------------------------------------------------------------------------- /Document/Images/Donators/donators.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Donators/donators.png -------------------------------------------------------------------------------- /Document/Images/GitHub_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/GitHub_logo.png -------------------------------------------------------------------------------- /Document/Images/ISBN.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/ISBN.png -------------------------------------------------------------------------------- /Document/Images/OWASP_logo-bw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/OWASP_logo-bw.png -------------------------------------------------------------------------------- /Document/Images/OWASP_logo_white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/OWASP_logo_white.png -------------------------------------------------------------------------------- /Document/Images/Other/GitHub_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/GitHub_logo.png -------------------------------------------------------------------------------- /Document/Images/Other/android-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/android-logo.png -------------------------------------------------------------------------------- /Document/Images/Other/bsi-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/bsi-logo.png -------------------------------------------------------------------------------- /Document/Images/Other/crest_logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/crest_logo.jpg -------------------------------------------------------------------------------- /Document/Images/Other/ioxt-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/ioxt-logo.png -------------------------------------------------------------------------------- /Document/Images/Other/nist-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/nist-logo.png -------------------------------------------------------------------------------- /Document/Images/Other/nowsecure-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/nowsecure-logo.png -------------------------------------------------------------------------------- /Document/Images/Other/trusted-by-logos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/trusted-by-logos.png -------------------------------------------------------------------------------- /Document/Images/Other/uncrackable-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/Other/uncrackable-logo.png -------------------------------------------------------------------------------- /Document/Images/checklist_en_filled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/checklist_en_filled.png -------------------------------------------------------------------------------- /Document/Images/license.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/license.jpg -------------------------------------------------------------------------------- /Document/Images/logo_circle.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/logo_circle.png -------------------------------------------------------------------------------- /Document/Images/masvs_cover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/masvs_cover.png -------------------------------------------------------------------------------- /Document/Images/masvs_refactor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/masvs_refactor.png -------------------------------------------------------------------------------- /Document/Images/mstg-cover-release-small.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/mstg-cover-release-small.jpg -------------------------------------------------------------------------------- /Document/Images/mstg_cover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/mstg_cover.png -------------------------------------------------------------------------------- /Document/Images/open_website.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/open_website.png -------------------------------------------------------------------------------- /Document/Images/owasp_mas_header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/owasp_mas_header.png -------------------------------------------------------------------------------- /Document/Images/slack_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/slack_logo.png -------------------------------------------------------------------------------- /Document/Images/summit-team.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/summit-team.jpg -------------------------------------------------------------------------------- /Document/Images/summit_preview.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/summit_preview.jpg -------------------------------------------------------------------------------- /Document/Images/titlepage-small.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/titlepage-small.jpg -------------------------------------------------------------------------------- /Document/Images/twitter_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Chaintech-Network/secureany-owasp-mstg/8454dd04458f4f0b3f699b92396c8c29143e798b/Document/Images/twitter_logo.png -------------------------------------------------------------------------------- /Document/LANGUAGE-METADATA: -------------------------------------------------------------------------------- 1 | export LANGUAGE="en" 2 | export LANGUAGETEXT="" 3 | export TOC_TITLE="Table of Contents" -------------------------------------------------------------------------------- /Document/SUMMARY.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | - [Frontispiece](0x02a-Frontispiece.md) 4 | - [OWASP MASVS and MASTG Adoption](0x02b-MASVS-MASTG-Adoption.md) 5 | - [Acknowledgments](0x02c-Acknowledgements.md) 6 | 7 | ## Overview 8 | 9 | - [Introduction to the OWASP Mobile Application Security Project](0x03-Overview.md) 10 | - [Mobile Application Taxonomy](0x04a-Mobile-App-Taxonomy.md) 11 | - [Mobile Application Security Testing](0x04b-Mobile-App-Security-Testing.md) 12 | 13 | ## General Mobile App Testing Guide 14 | 15 | - [Mobile App Authentication Architectures](0x04e-Testing-Authentication-and-Session-Management.md) 16 | - [Testing Network Communication](0x04f-Testing-Network-Communication.md) 17 | - [Cryptography in Mobile Apps](0x04g-Testing-Cryptography.md) 18 | - [Testing Code Quality](0x04h-Testing-Code-Quality.md) 19 | - [Tampering and Reverse Engineering](0x04c-Tampering-and-Reverse-Engineering.md) 20 | - [Testing User Privacy Protection](0x04i-Testing-User-Privacy-Protection.md) 21 | 22 | ## Android Testing Guide 23 | 24 | - [Platform Overview](0x05a-Platform-Overview.md) 25 | - [Android Basic Security Testing](0x05b-Basic-Security_Testing.md) 26 | - [Data Storage on Android](0x05d-Testing-Data-Storage.md) 27 | - [Android Cryptographic APIs](0x05e-Testing-Cryptography.md) 28 | - [Local Authentication on Android](0x05f-Testing-Local-Authentication.md) 29 | - [Android Network Communication](0x05g-Testing-Network-Communication.md) 30 | - [Android Platform APIs](0x05h-Testing-Platform-Interaction.md) 31 | - [Code Quality and Build Settings for Android Apps](0x05i-Testing-Code-Quality-and-Build-Settings.md) 32 | - [Tampering and Reverse Engineering on Android](0x05c-Reverse-Engineering-and-Tampering.md) 33 | - [Android Anti-Reversing Defenses](0x05j-Testing-Resiliency-Against-Reverse-Engineering.md) 34 | 35 | ## iOS Testing Guide 36 | 37 | - [Platform Overview](0x06a-Platform-Overview.md) 38 | - [iOS Basic Security Testing](0x06b-Basic-Security-Testing.md) 39 | - [Data Storage on iOS](0x06d-Testing-Data-Storage.md) 40 | - [iOS Cryptographic APIs](0x06e-Testing-Cryptography.md) 41 | - [Local Authentication on iOS](0x06f-Testing-Local-Authentication.md) 42 | - [iOS Network Communication](0x06g-Testing-Network-Communication.md) 43 | - [iOS Platform APIs](0x06h-Testing-Platform-Interaction.md) 44 | - [Code Quality and Build Settings for iOS Apps](0x06i-Testing-Code-Quality-and-Build-Settings.md) 45 | - [Tampering and Reverse Engineering on iOS](0x06c-Reverse-Engineering-and-Tampering.md) 46 | - [iOS Anti-Reversing Defenses](0x06j-Testing-Resiliency-Against-Reverse-Engineering.md) 47 | 48 | ## Appendix 49 | 50 | - [Testing Tools](0x08a-Testing-Tools.md) 51 | - [Reference Applications](0x08b-Reference-Apps.md) 52 | - [Suggested Reading](0x09-Suggested-Reading.md) 53 | -------------------------------------------------------------------------------- /Document/metadata.md: -------------------------------------------------------------------------------- 1 | --- 2 | # This is the main metadata file. 3 | # Variables below can be overwritten by the local metadata 4 | # file (e.g. Document-fr/metadata.md) 5 | 6 | # Custom Template variables (cover, first page, etc.) 7 | version: 'SNAPSHOT' # this will overridden at build time 8 | languagetext: '' 9 | 10 | mainfont: 'DejaVu Sans' 11 | sansfont: 'DejaVu Sans' 12 | monofont: 'DejaVu Sans Mono' 13 | 14 | # General variables 15 | toc: true 16 | toc-depth: 2 17 | # numbersections: true 18 | # secnumdepth: 2 19 | linkcolor: blue 20 | 21 | # Language variables 22 | lang: 'en' 23 | 24 | # Latex variables 25 | 26 | # Eisvogel Latex variables 27 | # https://github.com/Wandmalfarbe/pandoc-latex-template#custom-template-variables 28 | code-block-font-size: '\tiny' 29 | 30 | table-use-row-colors: true 31 | geometry: "top=1cm,left=1cm,right=2cm,bottom=4cm" 32 | --- 33 | -------------------------------------------------------------------------------- /Document/metadata.yml: -------------------------------------------------------------------------------- 1 | language: 'en' 2 | languagetext: '' 3 | toc_title: 'Table of Contents' 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # secureany-owasp-mstg --------------------------------------------------------------------------------