diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0089.md b/weaknesses/MASVS-RESILIENCE/MASWE-0089.md index 62f9cbc90b..b5d9cdfc68 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0089.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0089.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-9] masvs-v2: [MASVS-RESILIENCE-3] + cwe: [657] draft: description: e.g. polymorphic obfuscation, method-inlining, insertion of opaque diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0090.md b/weaknesses/MASVS-RESILIENCE/MASWE-0090.md index d3978bc3bf..5e4ee2517b 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0090.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0090.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-11] masvs-v2: [MASVS-RESILIENCE-3] + cwe: [657] draft: description: e.g. resource obfuscation, binary encryption/packing diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0091.md b/weaknesses/MASVS-RESILIENCE/MASWE-0091.md index 1810ee79ff..0464e4a905 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0091.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0091.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-12] masvs-v2: [MASVS-RESILIENCE-3] + cwe: [657] draft: description: incl. anti-deobfuscation techniques diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0092.md b/weaknesses/MASVS-RESILIENCE/MASWE-0092.md index 39fbc5452c..5470fbd786 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0092.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0092.md @@ -6,6 +6,7 @@ platform: [android, ios] profiles: [R] mappings: masvs-v2: [MASVS-RESILIENCE-3] + cwe: [657] draft: description: AKA static damage control diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0093.md b/weaknesses/MASVS-RESILIENCE/MASWE-0093.md index e7f57441c0..c3a8406a4f 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0093.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0093.md 
@@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-CODE-3] masvs-v2: [MASVS-RESILIENCE-3] + cwe: [657] draft: description: nm or objdump reveal symbols diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0094.md b/weaknesses/MASVS-RESILIENCE/MASWE-0094.md index 1b684a86f4..6b4d3c3549 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0094.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0094.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-CODE-4] masvs-v2: [MASVS-RESILIENCE-3] + cwe: [540] draft: description: e.g. non-production URLs, code flows, verbose logging diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0095.md b/weaknesses/MASVS-RESILIENCE/MASWE-0095.md index af1a8be299..a2ee4f39d7 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0095.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0095.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-CODE-4] masvs-v2: [MASVS-RESILIENCE-3] + cwe: [489, 912] draft: description: backdoors, hidden settings to e.g. disable TLS verification diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0096.md b/weaknesses/MASVS-RESILIENCE/MASWE-0096.md index 7024ce964b..3693f74b0a 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0096.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0096.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-13] masvs-v2: [MASVS-RESILIENCE-3, MASVS-NETWORK-1] + cwe: [319] draft: description: Use payload/End-2-End Encryption. Even if the connection is encrypted diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0097.md b/weaknesses/MASVS-RESILIENCE/MASWE-0097.md index e5aadb5beb..1f2bce7798 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0097.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0097.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-1] masvs-v2: [MASVS-RESILIENCE-1] + cwe: [250, 358] draft: description: no root/jailbreak detection implemented e.g. check for Cydia, SuperSU, 
diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0098.md b/weaknesses/MASVS-RESILIENCE/MASWE-0098.md index 00dc3d2a53..7a152f4426 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0098.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0098.md @@ -6,6 +6,7 @@ platform: [android, ios] profiles: [R] mappings: masvs-v2: [MASVS-RESILIENCE-1] + cwe: [358] draft: description: runs as a so-called "clone app" diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0099.md b/weaknesses/MASVS-RESILIENCE/MASWE-0099.md index 97c48c872e..526dd7b0d2 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0099.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0099.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-5] masvs-v2: [MASVS-RESILIENCE-1] + cwe: [358] draft: description: e.g. identifying features and limitations available for commonly used diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0100.md b/weaknesses/MASVS-RESILIENCE/MASWE-0100.md index 6d08d376a9..da8feddb70 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0100.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0100.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-10] masvs-v2: [MASVS-RESILIENCE-1] + cwe: [353] refs: - https://developer.android.com/google/play/integrity diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0101.md b/weaknesses/MASVS-RESILIENCE/MASWE-0101.md index 7ba3b07e06..a78997771a 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0101.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0101.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-2] masvs-v2: [MASVS-RESILIENCE-4] + cwe: [693] draft: description: implementing techniques to detect debuggers diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0102.md b/weaknesses/MASVS-RESILIENCE/MASWE-0102.md index d13c9ca53a..0fb73e0778 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0102.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0102.md 
@@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-4] masvs-v2: [MASVS-RESILIENCE-4] + cwe: [693] draft: description: e.g. Frida, Xposed, Cydia Substrate, etc. diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0103.md b/weaknesses/MASVS-RESILIENCE/MASWE-0103.md index 754b21baab..6fc5875c76 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0103.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0103.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-8] masvs-v2: [MASVS-RESILIENCE-4] + cwe: [693] draft: description: e.g. Runtime Application Self-Protection, detection triggering different diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0104.md b/weaknesses/MASVS-RESILIENCE/MASWE-0104.md index 0b30b09112..b7ecee89ad 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0104.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0104.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-CODE-1] masvs-v2: [MASVS-RESILIENCE-2] + cwe: [353] refs: - https://developer.apple.com/documentation/xcode/using-the-latest-code-signature-format diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0105.md b/weaknesses/MASVS-RESILIENCE/MASWE-0105.md index d7cadd9da4..c928419102 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0105.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0105.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-3] masvs-v2: [MASVS-RESILIENCE-2, MASVS-CODE-4] + cwe: [353] draft: description: e.g. integrity of downloaded resources or dynamically loaded resources diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0106.md b/weaknesses/MASVS-RESILIENCE/MASWE-0106.md index b87bf5446e..f7cc07a911 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0106.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0106.md @@ -6,6 +6,7 @@ platform: [android, ios] profiles: [R] mappings: masvs-v2: [MASVS-RESILIENCE-2] + cwe: [353] draft: description: Google PlayStore or Apple AppStore 
diff --git a/weaknesses/MASVS-RESILIENCE/MASWE-0107.md b/weaknesses/MASVS-RESILIENCE/MASWE-0107.md index ee737dbe13..0b3264b579 100644 --- a/weaknesses/MASVS-RESILIENCE/MASWE-0107.md +++ b/weaknesses/MASVS-RESILIENCE/MASWE-0107.md @@ -7,6 +7,7 @@ profiles: [R] mappings: masvs-v1: [MSTG-RESILIENCE-6] masvs-v2: [MASVS-RESILIENCE-2] + cwe: [114] draft: description: e.g. memory tampering detection
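Review bot: In MASWE-0089.md through MASWE-0093.md the same `cwe: [657]` is added to five weaknesses whose draft descriptions differ considerably (obfuscation techniques, resource obfuscation and packing, anti-deobfuscation, static damage control, symbols revealed by nm or objdump). CWE-657 (Violation of Secure Design Principles) is a broad design-level entry, so the mapping does not distinguish these files from one another. Please either pick a narrower entry where one fits, MASWE-0093 being the most obvious candidate, or record in the PR description why 657 is the intended catch-all for MASVS-RESILIENCE-3.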
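Review bot: In MASWE-0096.md, `cwe: [319]` does not match the draft description, which asks for payload/end-to-end encryption "even if the connection is encrypted". CWE-319 is Cleartext Transmission of Sensitive Information, which is the unencrypted-channel case that this weakness explicitly assumes is already handled. Consider a mapping about missing encryption of the data itself, such as CWE-311 (Missing Encryption of Sensitive Data), or explain why 319 still applies.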
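Review bot: In MASWE-0097.md, the 250 in `cwe: [250, 358]` looks misapplied. CWE-250 is Execution with Unnecessary Privileges, which describes the app itself running with more privileges than it needs, while the draft description is about missing root/jailbreak detection. MASWE-0098 and MASWE-0099 map the same MASVS-RESILIENCE-1 control to `cwe: [358]` only; suggest dropping 250 here for consistency, or stating the rationale for keeping it.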
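Review bot: In MASWE-0101.md, MASWE-0102.md and MASWE-0103.md, `cwe: [693]` maps debugger detection, instrumentation detection (Frida, Xposed, Cydia Substrate) and RASP responses to the same entry. CWE-693 (Protection Mechanism Failure) is a pillar-level entry at the top of the CWE hierarchy, so it carries very little information as a mapping target. If no more specific child entry fits, a short note in the PR saying so would help later reviewers; otherwise prefer the narrower entry.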
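Review bot: In MASWE-0107.md, `cwe: [114]` is the odd one out among the MASVS-RESILIENCE-2 files: MASWE-0104, MASWE-0105 and MASWE-0106 all receive 353, and CWE-114 (Process Control) concerns executing commands or loading libraries from an untrusted source rather than a missing memory tampering detection, which is what the draft description names. Please confirm 114 is intended; if the weakness is about absent runtime integrity checks, 353 would keep the group consistent.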