add page for MASWE

Author: jgadsden

.wordlist.txt

@@ -511,3 +511,4 @@ SDLCs
 br
 Andreas
 Happe
+MASWE

_data/draft.yaml

@@ -145,6 +145,9 @@ docs:
 - title: '5.3.3 OWASP Secure Headers Project'
   url: implementation/secure_libraries/secure_headers
 
+- title: '5.4 [Mobile application weakness enumeration'
+  url: implementation/mas_weakness_enumeration
+
 - title: '6. Verification'
   url: verification
 

_data/release.yaml

@@ -145,6 +145,9 @@ docs:
 - title: '5.3.3 OWASP Secure Headers Project'
   url: implementation/secure_libraries/secure_headers
 
+- title: '5.4 [Mobile application weakness enumeration'
+  url: implementation/mas_weakness_enumeration
+
 - title: '6. Verification'
   url: verification
 

draft/02-toc.md

@@ -66,6 +66,7 @@ permalink:
 5.3.1 [Enterprise Security API library](#enterprise-security-api-library)  
 5.3.2 [CSRFGuard library](#csrfguard-library)  
 5.3.3 [OWASP Secure Headers Project](#owasp-secure-headers-project)  
+5.4 [Mobile application weakness enumeration](#mobile-application-weakness-enumeration)  
 
 6 **[Verification](#verification)**  
 6.1 [Guides](#verification-guides)  

draft/05-requirements/06-mas.md

@@ -26,8 +26,8 @@ permalink: /draft/requirements/mobile_application_security/
 
 ### 3.6 Mobile Application Security
 
-The OWASP [Mobile Application Security][masproject] (MAS) flagship project has the mission statement:
-"Define the industry standard for mobile application security".
+The OWASP [Mobile Application Security][masproject] (MAS) flagship project provides
+industry standards for mobile application security.
 
 The MAS project covers the processes, techniques, and tools used for security testing mobile applications.
 It provides a set of test cases that enables testers to deliver consistent and complete results.
@@ -74,7 +74,7 @@ which can be used as a guide to decide if the category should to be included in
 * OWASP [Mobile Application Security][mas] (MAS)
 * MAS [project][masproject]
 * MAS [Checklist][masc]
-* MAS Verification Standard ([MASVS][masvs])
+* MAS [Verification Standard][masvs] (MASVS)
 * OWASP [Mobile Application Security][csmas] cheat sheet
 
 ----

draft/06-design/03-mas-checklist.md

@@ -26,8 +26,8 @@ permalink: /draft/design/mas_checklist/
 
 ### 4.3 Mobile application checklist
 
-The OWASP [Mobile Application Security][masproject] (MAS) flagship project has the mission statement:
-"Define the industry standard for mobile application security".
+The OWASP [Mobile Application Security][masproject] (MAS) flagship project provides
+industry standards for mobile application security.
 
 The OWASP MAS project provides the [Mobile Application Security Verification Standard][masvs] (MASVS)
 for mobile applications and a comprehensive [Mobile Application Security Testing Guide][mastg] (MASTG).
@@ -46,6 +46,7 @@ This MAS Checklist is split out into categories that match the MASVS categories:
 * [MASVS-PLATFORM](https://mas.owasp.org/checklists/MASVS-PLATFORM/) interactions with the mobile platform
 * [MASVS-CODE](https://mas.owasp.org/checklists/MASVS-CODE/) platform and data entry points along with third-party software
 * [MASVS-RESILIENCE](https://mas.owasp.org/checklists/MASVS-RESILIENCE/) integrity and running on a trusted platform
+* [MASVS-PRIVACY](https://mas.owasp.org/checklists/MASVS-PRIVACY/) privacy of users, data and resources
 
 In addition to the web links there is a [downloadable spreadsheet][masxls].
 
@@ -69,6 +70,7 @@ This record of test results can be used as evidence for compliance purposes.
 * Mobile Application Security ([MAS][masproject]) project
 * MAS [Checklist][masc]
 * MAS Verification Standard ([MASVS][masvs])
+* MAS Testing Guide ([MASTG][mastg])
 * OWASP [Mobile Application Security][csmas] cheat sheet
 
 ----

draft/07-implementation/00-toc.md

@@ -51,6 +51,7 @@ Sections:
 5.3.1 [Enterprise Security API library](#enterprise-security-api-library)  
 5.3.2 [CSRFGuard library](#csrfguard-library)  
 5.3.3 [OWASP Secure Headers Project](#owasp-secure-headers-project)  
+5.4 [Mobile application weakness enumeration](#mobile-application-weakness-enumeration)  
 
 ----
 

draft/07-implementation/04-maswe.md

@@ -0,0 +1,73 @@
+---
+
+title: MAS Weakness Enumeration
+layout: col-document
+tags: OWASP Developer Guide
+contributors: Jon Gadsden
+document: OWASP Developer Guide
+order: 640
+permalink: /draft/implementation/mas_weakness_enumeration/
+
+---
+
+{% include breadcrumb.html %}
+
+<style type="text/css">
+.image-right {
+  height: 180px;
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+  float: right;
+}
+</style>
+
+![MAS checklist logo](../../../assets/images/logos/mas.png "OWASP MASWE"){: .image-right }
+
+### 5.4 Mobile application weakness enumeration
+
+The OWASP [Mobile Application Security][masproject] (MAS) flagship project provides
+industry standards for mobile application security.
+
+The OWASP MASWE project ...
+
+#### What is the MASWE?
+
+The MAS Weakness Enumeration ...
+
+The MASWE is split out into weakness categories that match the MASVS verification categories:
+
+* [MASVS-STORAGE](https://mas.owasp.org/MASWE/MASVS-STORAGE/MASWE-0001/) sensitive data storage
+* [MASVS-CRYPTO](https://mas.owasp.org/MASWE/MASVS-CRYPTO/MASWE-0009/) cryptography best practices
+* [MASVS-AUTH](https://mas.owasp.org/MASWE/MASVS-AUTH/MASWE-0028/) authentication and authorization mechanisms
+* [MASVS-NETWORK](https://mas.owasp.org/MASWE/MASVS-NETWORK/MASWE-0047/) network communications
+* [MASVS-PLATFORM](https://mas.owasp.org/MASWE/MASVS-PLATFORM/MASWE-0053/) interactions with the mobile platform
+* [MASVS-CODE](https://mas.owasp.org/MASWE/MASVS-CODE/MASWE-0075/) platform and third-party software
+* [MASVS-RESILIENCE](https://mas.owasp.org/MASWE/MASVS-RESILIENCE/MASWE-0089/) integrity and running on a trusted platform
+* [MASVS-PRIVACY](https://mas.owasp.org/MASWE/MASVS-PRIVACY/MASWE-0108/) privacy of users, data and resources
+
+#### Why use it?
+
+#### How to use it
+
+#### References
+
+* Mobile Application Security ([MAS][masproject]) project
+* MAS [Checklist][masc]
+* MAS Testing Guide ([MASTG][mastg])
+* MAS Verification Standard ([MASVS][masvs])
+* MAS Testing Guide ([MASTG][mastg])
+
+----
+
+The OWASP Developer Guide is a community effort; if there is something that needs changing
+then [submit an issue][issue0704] or [edit on GitHub][edit0704].
+
+[edit0704]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/07-implementation/04-maswe.md
+[issue0704]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-design/07-implementation/04-maswe
+[masproject]: https://owasp.org/www-project-mobile-app-security/
+[masc]: https://mas.owasp.org/checklists/
+[mastg]: https://mas.owasp.org/MASTG/
+[masvs]: https://mas.owasp.org/MASVS/
+
+\newpage

draft/07-implementation/toc.md

@@ -62,6 +62,7 @@ Sections:
 5.3.1 [Enterprise Security API library](03-secure-libraries/01-esapi.md)  
 5.3.2 [CSRFGuard library](03-secure-libraries/02-csrf-guard.md)  
 5.3.3 [OWASP Secure Headers Project](03-secure-libraries/03-secure-headers.md)  
+5.4 [Mobile application weakness enumeration](04-maswe.md)  
 
 ----
 

draft/09-training-education/01-vulnerable-apps/02-webgoat.md

@@ -103,13 +103,14 @@ WebWolf provides:
 
 #### Where to go from here?
 
-Try all the WebGoat lessons, they will certainly inform and educate.
-Use WebGoat in demonstrations of your favourite attack chains.
-Exercise available attack tools against WebGoat.
-
 Try out the WebGoat desktop environment by running `docker run -p 127.0.0.1:3000:3000 webgoat/webgoat-desktop`
 and navigating to `http://localhost:3000/`.
 
+* Try the WebGoat lessons, they will certainly inform and educate
+* Exercise available attack tools against WebGoat
+* Use WebGoat in demonstrations of your favourite attack chains
+* Use WebGoat material in presentations on vulnerabilities
+
 There are various ways of configuring WebGoat, see the [github repo][goatgithub] for more details.
 
 #### References