
Comments (7)

ajinabraham commented on July 18, 2024

All the vulnerabilities under the following OWASP Mobile Top 10, identified via code analysis, are detected by the Code Analyser. It's not being categorised under the OWASP Category. Once I am done with the final ruleset for Android and iOS, I will prioritise this.

M1: Weak Server Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client Side Injection
M8: Security Decisions Via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections

from mobile-security-framework-mobsf.

ajinabraham commented on July 18, 2024

Since OWASP Mobile Top 10 changes, no plans to classify according to ranks, but will add a category tag to appropriate vulns.


bugwrangler commented on July 18, 2024

Agreed.


ajinabraham commented on July 18, 2024

Difficult to compare between top 10 2014 and 2016
https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10

As the categories themselves are changing between years. This feature won't be added.


ajinabraham commented on July 18, 2024

Will be tracking this as an enhancement. We won't be ranking anything but categorising based on OWASP Mobile Top 10 and OWASP MSTG


ajinabraham commented on July 18, 2024

Tracked under all enhancements


ajinabraham commented on July 18, 2024

Won't be implementing OWASP top 10s changes yearly
