Create testcase issues on data storage for Parse and CouchDB #1041

Open
commjoen opened this issue Oct 14, 2018 · 5 comments

@commjoen
Collaborator

In our data storage chapters (see 0x05d for Android and 0x06d for iOS), we miss writeups for Parse and CouchDB.

As this is a good first issue, we would like to invite anyone to start working on the following:

  • Explain how the storage mechanism works (so what do CouchDB and Parse do?) in the overview part. Explain what could go wrong: where do you have to pay attention? Think about how the storage can be overridden or extracted.
  • Explain in the static analysis part what to look for in terms of wrong and right code: what are signs that the technology is used? What are signs that it is used insecurely?
  • Explain in the dynamic analysis part what to look for in terms of wrong behavior: what should a pentester/developer check to see issues in the behavior of the app regarding the integration?
@commjoen commjoen added this to the 1.2: Android and iOS updates milestone Oct 14, 2018
@commjoen commjoen added this to To do in OWASP MSTG via automation Oct 14, 2018
@commjoen commjoen moved this from To do to In progress in OWASP MSTG Oct 18, 2018
@commjoen
Collaborator Author

CouchDB Writeup Android.docx
WIP by @shwetajoshi26 👍. Will have to pick this up and add data to git (e.g. how to exploit/secure and verify it).

@cpholguera
Collaborator

Hi @shwetajoshi26, could you already start working on this? Do you need some support to get started?

@shwetajoshi26
Collaborator

Hi, I am not able to proceed because of the unavailability of actual devices, a rooted Android and iPhone, for testing. I tried running other simulations, but was not successful.

@cpholguera
Collaborator

Hi @shwetajoshi26, thanks for the status update :) What if we leave out the third point (dynamic analysis, at least for now)?

We'd highly appreciate it if you could at least help us address the other two, "how it works" and "static analysis" (from the description above). What do you think?

@shwetajoshi26
Collaborator

shwetajoshi26 commented Dec 30, 2019 via email
