Intermediate update 1.1.2

What's Changed

• Added missing mappings for MASVS V1.X.
• Updated markdown throughout the English MSTG to be consistent.
• Replaces some dead links.
• Improvements for rendering as a book, including the ISBN number.
• Updated the Excel: it is now available in Japanese as well!
• Many punctuation corrections, spelling and grammar issues resolved.
• Added missing iOS test case regarding memory corruption issues.
• Added contributing, code of conduct, markdown linting and dead link detection.

Intermediate update 1.1.1

What's Changed

• Improvements on various tool related parts, such as how to use on-device console, adb, nscurl, Frida and Needle.
• Updated 0x4e regarding SMS communication.
• Many grammar/style updates.
• Added Android description regarding MASVS requirement 7.8.
• Updated contributor list.
• Various updates on instructions regarding TLS and encryption.
• Removed some erroneous information.
• Fixed parts of the alignment of the MASVS requirements with the MSTG.
• Updated information on various topics such as jailbreaking and network interception on both iOS and Android.
• Added some steps for Frida detection.
• Added write-ups on Android changes, regarding permissions, application signing, device identifiers, key attestation and more.
• Extended guidance on SafetyNet attestation.
• Added information on Magisk.
• Added Firebase misconfiguration information.
• Added references to more testing tools.
• Updated contributor list.
• Added a lot of information to iOS platform testing.
• Added a lot of fixes for our book-release.

Intermediate update 1.1-excel

Intermediate update (1.1-excel). See CHANGELOG.md for updates on intermediate update releases.

1.1.0 - covering MASVS 1.1.0

What's Changed

• Added more samples in Kotlin.
• Simplified leanpub and gitbook publishing.
• A lot of QA improvements.
• Added deserialization test cases for iOS, including input sanitization.
• Added test cases regarding device-access-security policies and data storage on iOS.
• Added test cases regarding session invalidation.
• Improved cryptography and key management test cases on both Android and iOS.
• Started adding various updates in the test cases introduced by Android Oreo and Android Pie.
• Refreshed the Testing Tools section: removed some of the lesser maintained tools, added new tools.
• Fixed some of the markdown issues.
• Updated license to CC 4.0.
• Started Japanese translation.
• Updated references to OWASP Mobile Top 10.
• Updated Android Crackmes.
• Fixed some of the anti-reverse-engineering test cases.
• Added debugging test case for iOS.

Intermediate update 1.0.2

What's Changed

• Updated guiding documentation (README).
• Improved automated build of the pdf, epub and mobi.
• Updated Frontispiece (given new contributor stats).
• Added attack surface sections for Android and various.
• Added vulnerable apps for testing skills.
• Improved sections for testing App permissions for Android (given android Oreo/Pie), added section for testing permissions on iOS.
• Added fix for Fragment Injection on older Android versions.
• Improved sections on iOS WebView related testing.

Intermediate update 1.0.1

What's Changed

• Updated guiding documentation (README, PR templates, improved style guide, issue templates).
• Added automated build of the pdf and DocX.
• Updated Frontispiece (given new contributor stats).
• Updated Crackmes and guiding documentation.
• Updated tooling commands (adb, ABE, iMazing, Needle, IPAinstaller, etc.).
• Added first Russian translations of the 1.0 documents for iOS.
• Improved URLs for GitBook using goo.gl in case of URLs with odd syntax.
• Updated Frontispiece to give credit to all that have helped out for this version.
• Clarified the app taxonomy & security testing sections by a rewrite.
• Added sections for network testing, certificate verification & SSL pinning for Cordova, WebView, Xamarin, React-Native and updated the public key pinning sections.
• Removed no longer working guides (e.g. using iTunes to install apps).
• Updated a lot of URLs (using TLS wherever possible).
• Updated tests regarding WebViews.
• Added new testing tool suites in the tools section, such as the mobile hack tools and various dependency checkers.
• Updated test cases regarding protocol handlers (added missing MASVS 6.6 for iOS).
• Many small updates in terms of wording, spelling/typos, updated code segments and grammar.
• Added missing test cases for MASVS 2.11, 4.7, 7.5 and 4.11.
• Updated the XLS Checklist given MASVS 1.1.0.
• Removed the clipboard test from iOS and Android.
• Removed duplicates on local storage testing and updated data storage test cases.
• Added write-ups from the mobile security sessions at the OWASP summit.
• Added anti-debugging bypass section for iOS.
• Added SQL injection & XML injection samples and improved mitigation documentation.
• Added Needle documentation for iOS.
• Added fragment injection documentation.
• Updated IPA installation process guidance.
• Added XSS sample for Android.
• Added improved documentation for certificate installation on Android devices.
• Updated Frida & Fridump related documentation.
• Added sections about in-memory data analysis in iOS.
• Updated software development and related supporting documentation.
• Updated (anti) reverse-engineering sections for Android and iOS.
• Updated data storage chapters given newer tooling.
• Merged SDLC and security testing chapters.
• Updated cryptography and key-management testing sections for both Android and iOS (up to Android Nougat/iOS 11).
• Updated general overview chapters for Android and iOS.
• Updated Android and iOS IPC testing.
• Added missing overviews, references, etc. to various sections such as 0x6i.
• Updated local authentication chapters and the authentication & session management chapters.
• Updated test cases for sensitive data in memory.
• Added code quality sections.

Test release

Merge pull request #994 from OWASP/992/spelling

#992: spelling fixes