Update CWE mapping on MASWE elements of MASVS-RESILIENCE #3151

Open
wants to merge 1 commit into
base: master
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0089.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-9]
masvs-v2: [MASVS-RESILIENCE-3]
cwe: [657]

draft:
description: e.g. polymorphic obfuscation, method-inlining, insertion of opaque
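Review bot: The new `cwe: [657]` line is placed correctly under `mappings:` next to `masvs-v1` and `masvs-v2`, but CWE-657 (Violation of Secure Design Principles) is a very broad, pillar-level entry, and this PR maps five distinct obfuscation-related weaknesses (MASWE-0089 through MASWE-0093) to it alone. Consider adding a more specific child CWE alongside it, or recording the rationale in the PR description so the mapping can be revisited once these `draft:` entries are written up. Please also confirm the schema expects bare integers (`[657]`) rather than `CWE-657` strings; all files in this PR use the integer form, so whichever is chosen should stay consistent across them.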
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0090.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-11]
masvs-v2: [MASVS-RESILIENCE-3]
cwe: [657]

draft:
description: e.g. resource obfuscation, binary encryption/packing
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0091.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-12]
masvs-v2: [MASVS-RESILIENCE-3]
cwe: [657]

draft:
description: incl. anti-deobfuscation techniques
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0092.md
Expand Up @@ -6,6 +6,7 @@ platform: [android, ios]
profiles: [R]
mappings:
masvs-v2: [MASVS-RESILIENCE-3]
cwe: [657]

draft:
description: AKA static damage control
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0093.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-CODE-3]
masvs-v2: [MASVS-RESILIENCE-3]
cwe: [657]

draft:
description: nm or objdump reveal symbols
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0094.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-CODE-4]
masvs-v2: [MASVS-RESILIENCE-3]
cwe: [540]

draft:
description: e.g. non-production URLs, code flows, verbose logging
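Review bot: CWE-540 (Inclusion of Sensitive Information in Source Code) covers the non-production URLs and leftover code flows named in the draft description, but the "verbose logging" part is better described by CWE-532 (Insertion of Sensitive Information into Log File). Consider `cwe: [540, 532]` so the mapping covers the whole description, in the same way MASWE-0095 in this PR carries two IDs.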
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0095.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-CODE-4]
masvs-v2: [MASVS-RESILIENCE-3]
cwe: [489, 912]

draft:
description: backdoors, hidden settings to e.g. disable TLS verification
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0096.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-13]
masvs-v2: [MASVS-RESILIENCE-3, MASVS-NETWORK-1]
cwe: [319]

draft:
description: Use payload/End-2-End Encryption. Even if the connection is encrypted
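Review bot: CWE-319 (Cleartext Transmission of Sensitive Information) does not match the draft description, which explicitly starts from "Even if the connection is encrypted": the weakness here is the absence of an additional payload/end-to-end encryption layer on top of an already-encrypted channel, not cleartext transport. CWE-311 (Missing Encryption of Sensitive Data), the more general parent, describes that concern more accurately; consider `cwe: [311]`, or at least state in the PR why 319 was chosen.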
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0097.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-1]
masvs-v2: [MASVS-RESILIENCE-1]
cwe: [250, 358]

draft:
description: no root/jailbreak detection implemented e.g. check for Cydia, SuperSU,
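Review bot: CWE-250 (Execution with Unnecessary Privileges) describes a program that itself runs with more privilege than it needs, which is not what missing root/jailbreak detection is about: a rooted or jailbroken device is an environment condition the app fails to detect. CWE-358 (Improperly Implemented Security Check for Standard) is also a stretch, since it concerns checks mandated by a standard. The debugger- and hooking-detection weaknesses in this same PR (MASWE-0101 to MASWE-0103) use CWE-693 (Protection Mechanism Failure); consider the same ID here for consistency, and drop 250 unless there is a specific rationale for it.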
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0098.md
Expand Up @@ -6,6 +6,7 @@ platform: [android, ios]
profiles: [R]
mappings:
masvs-v2: [MASVS-RESILIENCE-1]
cwe: [358]

draft:
description: runs as a so-called "clone app"
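Review bot: Same concern as for MASWE-0097: CWE-358 is about a security check required by a standard, whereas clone-app detection is an app-level protection mechanism. CWE-693 (Protection Mechanism Failure), as used for MASWE-0101 to MASWE-0103 in this PR, would be the consistent choice for this `cwe: [358]` line.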
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0099.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-5]
masvs-v2: [MASVS-RESILIENCE-1]
cwe: [358]

draft:
description: e.g. identifying features and limitations available for commonly used
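Review bot: As with MASWE-0097 and MASWE-0098, `cwe: [358]` is a questionable fit for emulator detection; if the three device-environment weaknesses under MASVS-RESILIENCE-1 are meant to share one ID, CWE-693 (Protection Mechanism Failure) aligns them with the MASVS-RESILIENCE-4 entries in this PR, and a one-line rationale in the PR description would make the choice reviewable later.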
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0100.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-10]
masvs-v2: [MASVS-RESILIENCE-1]
cwe: [353]

refs:
- https://developer.android.com/google/play/integrity
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0101.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-2]
masvs-v2: [MASVS-RESILIENCE-4]
cwe: [693]

draft:
description: implementing techniques to detect debuggers
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0102.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-4]
masvs-v2: [MASVS-RESILIENCE-4]
cwe: [693]

draft:
description: e.g. Frida, Xposed, Cydia Substrate, etc.
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0103.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-8]
masvs-v2: [MASVS-RESILIENCE-4]
cwe: [693]

draft:
description: e.g. Runtime Application Self-Protection, detection triggering different
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0104.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-CODE-1]
masvs-v2: [MASVS-RESILIENCE-2]
cwe: [353]

refs:
- https://developer.apple.com/documentation/xcode/using-the-latest-code-signature-format
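Review bot: CWE-353 (Missing Support for Integrity Check) is defined around transmissions that lack an integrity mechanism; for app code signing, which the Apple code-signature reference kept in this file points to, CWE-347 (Improper Verification of Cryptographic Signature) is the more precise match. The same consideration applies to the other entries mapped to 353 in this PR (MASWE-0100, MASWE-0105, MASWE-0106); if 353 is kept as a common umbrella for all four, a short note on that choice in the PR description would help.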
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0105.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-3]
masvs-v2: [MASVS-RESILIENCE-2, MASVS-CODE-4]
cwe: [353]

draft:
description: e.g. integrity of downloaded resources or dynamically loaded resources
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0106.md
Expand Up @@ -6,6 +6,7 @@ platform: [android, ios]
profiles: [R]
mappings:
masvs-v2: [MASVS-RESILIENCE-2]
cwe: [353]

draft:
description: Google PlayStore or Apple AppStore
1 change: 1 addition & 0 deletions weaknesses/MASVS-RESILIENCE/MASWE-0107.md
Expand Up @@ -7,6 +7,7 @@ profiles: [R]
mappings:
masvs-v1: [MSTG-RESILIENCE-6]
masvs-v2: [MASVS-RESILIENCE-2]
cwe: [114]

draft:
description: e.g. memory tampering detection
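Review bot: CWE-114 (Process Control) is about executing commands or loading libraries from an untrusted source or environment, which does not obviously correspond to the "memory tampering detection" in the draft description. Unless the intent is specifically the loading of untrusted native libraries, CWE-693 (Protection Mechanism Failure), already used for the other detection-style weaknesses in this PR, or a more specific integrity-related ID would fit better; please add the rationale if `cwe: [114]` is intentional.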