v1.5.0

We've been very busy with the OWASP MASVS refactoring but we're very excited to be able to bring you the new OWASP MASTG in its version v1.5.0 including loads of news including new Test Cases, Testing Fundamentals, upgraded MAS Checklists and many more, see below.

We'd like to thank all of our loyal contributors and welcome our new contributors.

Special thanks to NowSecure for their consistent high-impact contributions to the project, especially for the MASVS refactoring, the OWASP MAS rebranding, the brand new OWASP MAS website and this MASTG v1.5.0 release and for continuing spreading the word about the OWASP MAS project.

Carlos Holguera & Sven Schleier - OWASP MAS project

NOTE: the OWASP MASTG v1.5.0 relies on the latest MASVS v1.4.2

What's Changed

📢 News

New "Trusted By" Section & CREST OVS

Introducing the "MAS Advocate" Status

Add Google's ADA MASA

Project Rebranding to OWASP MAS

OWASP MAS New Website

• Add Trusted By Section and Adopters by @cpholguera in #2059
• Add CREST and CREST OVS by @cpholguera in #2172
• Introducing the "MAS Advocate" Status by @cpholguera in #2132
  *Add Google's ADA MASA (by @nowsecure) by @cpholguera in #2128
• First Update to MAS and MASTG by @cpholguera in #2179
• Add MASTG New Cover for PDF by @cpholguera in #2205
• Update Twitter Handle to @OWASP_MAS by @cpholguera in #2186
• Rename MSTG to MASTG & link to New Website mas.owasp.org by @cpholguera in #2195

🧪 MASTG Test Cases

• MSTG-CODE-1 Add Link to Latest Code Signature Format for iOS by @cpholguera in #2025
• Testing Instant Apps is now in 0x05b (Basic Security Testing) by @cpholguera in #2039
• MSTG-NETWORK-1 Added clearText Traffic Info by @TheDauntless in #2037
• MSTG-CODE-9 Update Xcode Menu Options for PIE Protection by @ichistmeinname in #2078
• MSTG-CODE-1 Enhance iOS Code Signing Section (by @nowsecure) by @cpholguera in #2102
• MSTG-PLATFORM-1 Introducing Privacy-Friendly Alternatives to Requesting Permissions by @cpholguera in #1993
• MSTG-PLATFORM-2 MSTG-PLATFORM-3 Enhance Android Deep Link Testing (by @nowsecure) by @cpholguera in #2090
• MSTG-PLATFORM-10 Add WebViews Cleanup by @cpholguera in #1984
• Add coverage for MSTG-CODE-9 on Android by @cpholguera in #2089
• MSTG-NETWORK-1-4 Fix Network Security Testing on Android and iOS (by @nowsecure) by @cpholguera in #2042
• MSTG-RESILIENCE-5 Update Emulation Available on iOS by @t3chn0m4g3 in #2167

📖 MASTG Testing Fundamentals

• 0x06b - Upgrade Jailbreak section by @cpholguera in #1943
• Fix Deprecated SecKeyEncrypt Class (iOS) by @fujiokayu in #2083
• 0x04e - About OTP Authentication Checks by @Saket-taneja in #1938
• Added instructions explaining how to move certificate from user to root store by @DemanNL in #1915
• Key Management Updates for iOS and Android by @vixentael in #2127
• CRYPTO: Export and import crypto regulations by @julepka in #1885
• 0x06b - Update Jailbreak Content (by @nowsecure) by @cpholguera in #2145
• Add FIPS 140-2 validated info for corecrypto by @cpholguera in #2144
• Improve the Android Architecture Section (by @nowsecure) by @cpholguera in #2118
• Add New References to Android API changes (by @nowsecure) by @cpholguera in #2153
• Updated Symmetric and Asymmetric Encryption Description by @dmagnate in #2139

✨ MASTG Testing Techniques

• 0x05c - Update Angr Example to Angr 9.2.2 by @kousha1999 in #2103
• Enabling Safari Web Inspector on iOS by @lndevel in #2112
• Update Corellium info and about decrypting IPAs by @cpholguera in #2124

🪄 MASTG Testing Tools

• New Chapter for Reference Apps #2142 by @wwwhackcom in #2156
• Add APKLab for Android by @fujiokayu in #2177

⚡ Automation

• Update Changelog Automation by @cpholguera in #2057
• Add GitHub Action for codespell by @cclauss in #2069
• Fix All Markdown Lint Issues and Broken Links by @cpholguera in #2143
• Auto-label PRs by @witzki in #2101
• Enhance Auto Release Notes by @cpholguera in #2234
• Add MASVS version to MASTG PDF by @cpholguera in #2235

📜 MAS Checklists

• Increase Checklist Test Coverage Including Tests from the 0x04* Chapters by @fujiokayu in #2085
• Add Common Test Case Column to Checklist by @cpholguera in #2208

Checklist test coverage changes: removed (2) added (13) updated (51)

🎉 New Donators

• Thanks Corellium by @cpholguera in #2174

🐞 Errata Corrections

• Update broken links by @TheDauntless in #2038
• Fixing typos and more in the Android Crypto Chapter by @cpholguera in #1992
• Fix spelling by @TheDauntless in #2049
• Fix typos discovered by codespell by @cclauss in #2067
• Fixed Typos in 0x04i-Testing-User-Privacy-Protection by @wassef911 in #2123
• Fix Intros in Cryptography Chapters (by @nowsecure) by @corielynch in #2051
• Fix typo in 0x04f-Testing-Network-Communication.md by @dturner42 in #2178
• Resolved broken link to OWASP MASTG authors and co-authors (#2197) ; by @chantzlarge in #2198
• Resolved broken link to OWASP MASTG Contributors (#2199) ; by @chantzlarge in #2200
• Fix lulu.com links by @cpholguera in #2203

Other Changes

• Improve README UX by @cpholguera in #2061
• Fix chapter outline for 0x04g (Mobile App Cryptography) by @cpholguera in #2040
• Change markdown images to html images by @TheDauntless in #2126

New Contributors

• @cclauss made their first contribution in #2067
• @ichistmeinname made their first contribution in #2078
• @kousha1999 made their first contribution in #2103
• @lndevel made their first contribution in #2112
• @wassef911 made their first contribution in #2123
• @DemanNL made their first contribution in #1915
• @dmagnate made their first contribution in #2139
• @witzki made their first contribution in #2101
• @wwwhackcom made their first contribution in #2156
• @t3chn0m4g3 made their first contribution in #2167
• @dturner42 made their first contribution in #2178
• @chantzlarge made their first contribution in #2198

Full Changelog: v1.4.0...v1.5.0