diff --git a/IndexMASVS.md b/IndexMASVS.md index bc4a52c39c..3a1834a1d2 100644 --- a/IndexMASVS.md +++ b/IndexMASVS.md 
@@ -3,103 +3,107 @@ ## Table of Contents - [Objective](#objective) -- [V1: Architecture, Design and Threat Modeling Requirements](#v1-architecture-design-and-threat-modeling-requirements) -- [V2: Data Storage and Privacy Requirements](#v2-data-storage-and-privacy-requirements) -- [V3: Cryptography Requirements](#v3-cryptography-requirements) -- [V4: Authentication and Session Management Requirements](#v4-authentication-and-session-management-requirements) -- [V5: Network Communication Requirements](#v5-network-communication-requirements) -- [V6: Environmental Interaction Requirements](#v6-environmental-interactions) -- [V7: Code Quality and Build Setting Requirements](#v7-code-quality-and-build-setting-requirements) -- [V8: Resiliency Against Reverse Engineering Requirements](#v8-resiliency-against-reverse-engineering-requirements) +- [MASVS-STORAGE](#masvs-storage) +- [MASVS-CRYPTO](#masvs-crypto) +- [MASVS-AUTH](#masvs-auth) +- [MASVS-NETWORK](#masvs-network) +- [MASVS-PLATFORM](#masvs-platform) +- [MASVS-CODE](#masvs-code) +- [MASVS-RESILIENCE](#masvs-resilience) +- [MASVS-PRIVACY](#masvs-privacy) ## Objective The objective of this index is to help OWASP [Mobile Application Security Verification Standard](https://github.com/OWASP/owasp-masvs) (MASVS) users clearly identify which cheat sheets are useful for each section during their usage of the MASVS. -This index is based on the version 1.x.x of the MASVS. +This index is based on version [2.1.0](https://github.com/OWASP/owasp-masvs/releases/tag/v2.1.0) of the MASVS. -## V1: Architecture, Design and Threat Modeling Requirements +## MASVS-STORAGE -[Threat Modeling Cheat Sheet](cheatsheets/Threat_Modeling_Cheat_Sheet.md). +[Password Storage Cheat Sheet](cheatsheets/Password_Storage_Cheat_Sheet.md) -[Abuse Case Cheat Sheet](cheatsheets/Abuse_Case_Cheat_Sheet.md). +[Logging Cheat Sheet](cheatsheets/Logging_Cheat_Sheet.md) -[Attack Surface Analysis Cheat Sheet](cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.md). 
+[Cryptographic Storage Cheat Sheet](cheatsheets/Cryptographic_Storage_Cheat_Sheet.md) -## V2: Data Storage and Privacy Requirements +[Secrets Management Cheat Sheet](cheatsheets/Secrets_Management_Cheat_Sheet.md) -[Password Storage Cheat Sheet](cheatsheets/Password_Storage_Cheat_Sheet.md). +## MASVS-CRYPTO -[Abuse Case Cheat Sheet](cheatsheets/Abuse_Case_Cheat_Sheet.md). +[Cryptographic Storage Cheat Sheet](cheatsheets/Cryptographic_Storage_Cheat_Sheet.md) -[User Privacy Protection Cheat Sheet](cheatsheets/User_Privacy_Protection_Cheat_Sheet.md). +[Key Management Cheat Sheet](cheatsheets/Key_Management_Cheat_Sheet.md) -[Logging Cheat Sheet](cheatsheets/Logging_Cheat_Sheet.md). +## MASVS-AUTH -## V3: Cryptography Requirements +[Authentication Cheat Sheet](cheatsheets/Authentication_Cheat_Sheet.md) -[Cryptographic Storage Cheat Sheet](cheatsheets/Cryptographic_Storage_Cheat_Sheet.md). +[Authorization Cheat Sheet](cheatsheets/Authorization_Cheat_Sheet.md) -[Key Management Cheat Sheet](cheatsheets/Key_Management_Cheat_Sheet.md). +[Session Management Cheat Sheet](cheatsheets/Session_Management_Cheat_Sheet.md) -## V4: Authentication and Session Management Requirements +[Transaction Authorization Cheat Sheet](cheatsheets/Transaction_Authorization_Cheat_Sheet.md) -[Authentication Cheat Sheet](cheatsheets/Authentication_Cheat_Sheet.md). +[Access Control Cheat Sheet](cheatsheets/Access_Control_Cheat_Sheet.md) -[Authorization Cheat Sheet](cheatsheets/Authorization_Cheat_Sheet.md). +[JSON Web Token Cheat Sheet for Java](cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.md) -[Session Management Cheat Sheet](cheatsheets/Session_Management_Cheat_Sheet.md). +[Credential Stuffing Prevention Cheat Sheet](cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.md) -[Transaction Authorization Cheat Sheet](cheatsheets/Transaction_Authorization_Cheat_Sheet.md). +## MASVS-NETWORK -[Access Control Cheat Sheet](cheatsheets/Access_Control_Cheat_Sheet.md). 
+[Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md) -[JSON Web Token Cheat Sheet for Java](cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.md). +[HTTP Strict Transport Security Cheat Sheet](cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md) -[Credential Stuffing Prevention Cheat Sheet](cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.md). +[REST Security Cheat Sheet](cheatsheets/REST_Security_Cheat_Sheet.md) -## V5: Network Communication Requirements +[Web Service Security Cheat Sheet](cheatsheets/Web_Service_Security_Cheat_Sheet.md) -[Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md). +[Pinning Cheat Sheet](cheatsheets/Pinning_Cheat_Sheet.md) -[HTTP Strict Transport Security Cheat Sheet](cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md). +## MASVS-PLATFORM -[REST Security Cheat Sheet](cheatsheets/REST_Security_Cheat_Sheet.md). +[Attack Surface Analysis Cheat Sheet](cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.md) -[Web Service Security Cheat Sheet](cheatsheets/Web_Service_Security_Cheat_Sheet.md). +## MASVS-CODE -## V6: Environmental Interaction Requirements +[Vulnerable Dependency Management Cheat Sheet](cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.md) -None. +[Error Handling Cheat Sheet](cheatsheets/Error_Handling_Cheat_Sheet.md) -## V7: Code Quality and Build Setting Requirements +[Deserialization Cheat Sheet](cheatsheets/Deserialization_Cheat_Sheet.md) -[Vulnerable Dependency Management Cheat Sheet](cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.md). +[Logging Cheat Sheet](cheatsheets/Logging_Cheat_Sheet.md) -[Error Handling Cheat Sheet](cheatsheets/Error_Handling_Cheat_Sheet.md). +[Insecure Direct Object Reference Prevention Cheat Sheet](cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md) -[Deserialization Cheat Sheet](cheatsheets/Deserialization_Cheat_Sheet.md). 
+[Input Validation Cheat Sheet](cheatsheets/Input_Validation_Cheat_Sheet.md) -[Logging Cheat Sheet](cheatsheets/Logging_Cheat_Sheet.md). +[Injection Prevention Cheat Sheet](cheatsheets/Injection_Prevention_Cheat_Sheet.md) -[Insecure Direct Object Reference Prevention Cheat Sheet](cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md). +[Injection Prevention Cheat Sheet in Java](cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.md) -[Input Validation Cheat Sheet](cheatsheets/Input_Validation_Cheat_Sheet.md). +[OS Command Injection Defense Cheat Sheet](cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.md) -[Injection Prevention Cheat Sheet](cheatsheets/Injection_Prevention_Cheat_Sheet.md). +[Query Parameterization Cheat Sheet](cheatsheets/Query_Parameterization_Cheat_Sheet.md) -[Injection Prevention Cheat Sheet in Java](cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.md). +[SQL Injection Prevention Cheat Sheet](cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.md) -[OS Command Injection Defense Cheat Sheet](cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.md). +[XXE Prevention Cheat Sheet](cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md) -[Query Parameterization Cheat Sheet](cheatsheets/Query_Parameterization_Cheat_Sheet.md). +[XML Security Cheat Sheet](cheatsheets/XML_Security_Cheat_Sheet.md) -[SQL Injection Prevention Cheat Sheet](cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.md). +## MASVS-RESILIENCE -[XXE Prevention Cheat Sheet](cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md). +[Threat Modeling Cheat Sheet](cheatsheets/Threat_Modeling_Cheat_Sheet.md) -[XML Security Cheat Sheet](cheatsheets/XML_Security_Cheat_Sheet.md). +[Abuse Case Cheat Sheet](cheatsheets/Abuse_Case_Cheat_Sheet.md) -## V8: Resiliency Against Reverse Engineering Requirements +[Attack Surface Analysis Cheat Sheet](cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.md) -None. 
+[Mobile Application Security Cheat Sheet](cheatsheets/Mobile_Application_Security_Cheat_Sheet.md) + +## MASVS-PRIVACY + +[User Privacy Protection Cheat Sheet](cheatsheets/User_Privacy_Protection_Cheat_Sheet.md)
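Review bot: The new MASVS-RESILIENCE section picks up the three links that used to sit under the removed V1 heading (Threat Modeling, Abuse Case, Attack Surface Analysis), and that mapping needs a justification or a different home. By name, MASVS-RESILIENCE corresponds to the old "V8: Resiliency Against Reverse Engineering Requirements", which previously listed "None.", so design-time cheat sheets appear there only because V1 no longer exists. Consider keeping just the Mobile Application Security Cheat Sheet under MASVS-RESILIENCE, or add a sentence under the Objective explaining where the former V1 material now lives. Attack Surface Analysis is also listed under both MASVS-PLATFORM and MASVS-RESILIENCE; if the duplication is intentional, that is fine, otherwise drop one. Finally, the hunk adds links to `Secrets_Management_Cheat_Sheet.md`, `Pinning_Cheat_Sheet.md` and `Mobile_Application_Security_Cheat_Sheet.md`, none of which this diff touches, so please confirm those files exist under `cheatsheets/` with exactly those names before merging.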