Create a new risk for "Potentially Weak Cryptography Implementations (MASVS-CRYPTO-1)" using the following information:
Don't use outdated or known weak implementations and don't build your own cryptography. Using custom cryptography instead of relying on established, expert-designed APIs or certified modules exposes apps to vulnerabilities due to potential implementation flaws and lack of rigorous security review.
Create "risks/MASVS-CRYPTO/1-***-****/potentially-weak-crypto-impl/risk.md" including the following content:
custom-made cryptographic APIs (e.g. via xor, bit flipping, etc. or cryptographic constants or values such as sbox, etc.)
custom algorithms, primitives, protocols
specify Cipher.getInstance provider (Android)
Android Security Provider (Android)
Jetpack Security Crypto Library (Android)
BouncyCastle algorithms (Android)
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Description
To complete the sections, follow the guidelines from Writing MASTG Risks & Tests.
Use at least the following references:
When creating the corresponding tests, use the following areas to guide you:
Acceptance Criteria
risks/MASVS-CRYPTO/1-***-****/potentially-weak-crypto-impl/risk.md