Skip to content

Intermediate update 1.0.1
Compare
Choose a tag to compare
@commjoen commjoen released this 17 Sep 07:43
· 4392 commits to master since this release
1.0.1
782aab5

What's Changed

  • Updated guiding documentation (README, PR templates, improved style guide, issue templates).
  • Added automated build of the pdf and DocX.
  • Updated Frontispiece (given new contributor stats).
  • Updated Crackmes and guiding documentation.
  • Updated tooling commands (adb, ABE, iMazing, Needle, IPAinstaller, etc.).
  • Added first Russian translations of the 1.0 documents for iOS.
  • Improved URLs for GitBook using goo.gl in case of URLs with odd syntax.
  • Updated Frontispiece to give credit to all that have helped out for this version.
  • Clarified the app taxonomy & security testing sections by a rewrite.
  • Added sections for network testing, certificate verification & SSL pinning for Cordova, WebView, Xamarin, React-Native and updated the public key pinning sections.
  • Removed no longer working guides (e.g. using iTunes to install apps).
  • Updated a lot of URLs (using TLS wherever possible).
  • Updated tests regarding WebViews.
  • Added new testing tool suites in the tools section, such as the mobile hack tools and various dependency checkers.
  • Updated test cases regarding protocol handlers (added missing MASVS 6.6 for iOS).
  • Many small updates in terms of wording, spelling/typos, updated code segments and grammar.
  • Added missing test cases for MASVS 2.11, 4.7, 7.5 and 4.11.
  • Updated the XLS Checklist given MASVS 1.1.0.
  • Removed the clipboard test from iOS and Android.
  • Removed duplicates on local storage testing and updated data storage test cases.
  • Added write-ups from the mobile security sessions at the OWASP summit.
  • Added anti-debugging bypass section for iOS.
  • Added SQL injection & XML injection samples and improved mitigation documentation.
  • Added Needle documentation for iOS.
  • Added fragment injection documentation.
  • Updated IPA installation process guidance.
  • Added XSS sample for Android.
  • Added improved documentation for certificate installation on Android devices.
  • Updated Frida & Fridump related documentation.
  • Added sections about in-memory data analysis in iOS.
  • Updated software development and related supporting documentation.
  • Updated (anti) reverse-engineering sections for Android and iOS.
  • Updated data storage chapters given newer tooling.
  • Merged SDLC and security testing chapters.
  • Updated cryptography and key-management testing sections for both Android and iOS (up to Android Nougat/iOS 11).
  • Updated general overview chapters for Android and iOS.
  • Updated Android and iOS IPC testing.
  • Added missing overviews, references, etc. to various sections such as 0x6i.
  • Updated local authentication chapters and the authentication & session management chapters.
  • Updated test cases for sensitive data in memory.
  • Added code quality sections.
Assets 4
Loading