Add MASVS to OWASP SKF #127

Open
sushi2k opened this issue Aug 5, 2018 · 4 comments

@sushi2k
Collaborator

sushi2k commented Aug 5, 2018

Hi,

We are at the moment in the process of migrating the MASVS requirements, including documentation, into the OWASP Security Knowledge Framework (SKF). See here for a description of SKF:

https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework

Here is the issue blabla1337/skf-flask#461 I created at SKF. Goal is to build the MASVS into SKF by this year. First we need to provide a description and solution to each requirement. Martin Marsicano already created the first draft for it:

https://docs.google.com/document/d/1P5Ab_CKxIFCaHdXZSVj7WY-F0Utk8kK-_tKwB4ExmiE/edit?ts=5b677f32

We should be able to get most of the information out of the MSTG, so if you want to contribute, have a look at the test cases in MSTG first so we are also consistent with the description and solution (https://mobile-security.gitbook.io/mobile-security-testing-guide/).

Thanks and cheers,

Sven

@sushi2k sushi2k self-assigned this Aug 5, 2018
@commjoen commjoen added this to In progress in MASVS project Sep 21, 2018
@commjoen commjoen added this to the 1.1.3: Maintenance release milestone Oct 11, 2018
@commjoen
Collaborator

commjoen commented Sep 2, 2019

Update: we hope to be in touch with the SKF leaders during Global Appsec Amsterdam so we can look at solutions for this item as doing this by hand will be too much work.

@commjoen commjoen self-assigned this Sep 3, 2019
@mpp-anasa

I would like to help out with this effort. Is there any way I can contribute?

@commjoen
Collaborator

Hi @mpp-anasa, there certainly is:

@cpholguera
Collaborator

New script for parsing the MSTG/MASVS and generating the MSTG-ID links:

https://github.com/OWASP/owasp-masvs/blob/project-integration/tools/generate_mstgid_links.py

```
## MASVS Dict ##
{
    "MSTG-NETWORK-3": [
        "https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-endpoint-identify-verification-mstg-network-3",
        "https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-3-and-mstg-network-4"
    ],
    "MSTG-NETWORK-4": [
        ...
## COVERAGE ##
MSTG-RESILIENCE-4 not covered
MSTG-RESILIENCE-5 not covered
MSTG-RESILIENCE-6 not covered
...
```
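An added illustration of the kind of mapping the output above shows; it is not the linked `generate_mstgid_links.py` and not project code. The heading wording, the approximated GitHub anchor rule, the sample requirement list and all function names are assumptions chosen to reproduce the two URLs listed for MSTG-NETWORK-3.

```python
import re
from collections import defaultdict

# Base URL and ID format are taken from the output shown in the comment above.
BASE = "https://github.com/OWASP/owasp-mstg/blob/master/Document/"
ID_RE = re.compile(r"MSTG-[A-Z]+-\d+")
FENCE = "`" * 3  # Markdown code-fence marker

def github_anchor(heading):
    """Approximate GitHub's heading anchor: lowercase, drop punctuation, spaces to hyphens."""
    kept = re.sub(r"[^\w\- ]", "", heading.strip().lower())
    return kept.replace(" ", "-")

def build_links(docs):
    """Map each MSTG-ID named in a Markdown heading to the URLs of those headings."""
    links = defaultdict(list)
    for filename, markdown in docs.items():
        in_fence = False
        for line in markdown.splitlines():
            if line.lstrip().startswith(FENCE):
                in_fence = not in_fence  # '#' lines inside code fences are not headings
                continue
            match = re.match(r"#{1,6}\s+(.*)", line)
            if in_fence or not match:
                continue
            url = f"{BASE}{filename}#{github_anchor(match.group(1))}"
            for mstg_id in dict.fromkeys(ID_RE.findall(match.group(1))):
                links[mstg_id].append(url)
    return dict(links)

def not_covered(requirements, links):
    """Requirement IDs that no heading refers to."""
    return [req for req in requirements if req not in links]

# Constructed sample input: headings worded to match the anchors in the output above.
SAMPLE_DOCS = {
    "0x05g-Testing-Network-Communication.md":
        "### Testing Endpoint Identify Verification (MSTG-NETWORK-3)\n"
        + FENCE + "\n# comment in a code block mentioning MSTG-RESILIENCE-4\n" + FENCE + "\n",
    "0x06g-Testing-Network-Communication.md":
        "### Testing Custom Certificate Stores and Certificate Pinning "
        "(MSTG-NETWORK-3 and MSTG-NETWORK-4)\n",
}
SAMPLE_REQUIREMENTS = ["MSTG-NETWORK-3", "MSTG-NETWORK-4", "MSTG-RESILIENCE-4"]

if __name__ == "__main__":
    found = build_links(SAMPLE_DOCS)
    for req in not_covered(SAMPLE_REQUIREMENTS, found):
        print(f"{req} not covered")
```

A requirement ID that appears only in body text or inside a code block, as MSTG-RESILIENCE-4 does in the constructed sample, is reported as not covered because only headings produce link targets.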

@commjoen commjoen removed their assignment Nov 19, 2021