Comments (7)
All the vulnerabilities under the following OWASP Mobile Top 10 categories, identified via code analysis, are detected by the Code Analyser. They are not being categorised under the OWASP category. Once I am done with the final ruleset for Android and iOS, I will prioritise this.
M1: Weak Server Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client Side Injection
M8: Security Decisions Via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections
from mobile-security-framework-mobsf.
Since OWASP Mobile Top 10 changes, no plans to classify according to ranks, but will add a category tag to appropriate vulns.
from mobile-security-framework-mobsf.
Agreed.
from mobile-security-framework-mobsf.
Difficult to compare between top 10 2014 and 2016
https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10
As the categories themselves are changing between years. This feature won't be added.
from mobile-security-framework-mobsf.
Will be tracking this as an enhancement. We won't be ranking anything but categorising based on OWASP Mobile Top 10 and OWASP MSTG
from mobile-security-framework-mobsf.
Tracked under all enhancements
from mobile-security-framework-mobsf.
Won't be implementing OWASP top 10s changes yearly
from mobile-security-framework-mobsf.