logo
OWASP Mobile Application Security
MSTG Project joins Hacktoberfest
Initializing search
    OWASP/owasp-mastg
    • Home
    • MASWE (Beta)
    • MASTG
    • MASVS
    • MAS Checklist
    • MAS Crackmes
    • News
    • 🎙 Talks
    • ⭐ Contribute
    • 💙 Donate
    • 💬 Connect with Us
    OWASP/owasp-mastg
    • Home
    • MASWE (Beta)
        • MASWE-0001: Insertion of Sensitive Data into Logs
        • MASWE-0002: Sensitive Data Stored With Insufficient Access Restrictions in Internal Locations
        • MASWE-0003: Backup Unencrypted
        • MASWE-0004: Sensitive Data Not Excluded From Backup
        • MASWE-0005: API Keys Hardcoded in the App Package
        • MASWE-0006: Sensitive Data Stored Unencrypted in Private Storage Locations
        • MASWE-0007: Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction
        • MASWE-0008: Device Access Security Policy Not Enforced
        • MASWE-0009: Weak Cryptographic Key Generation
        • MASWE-0010: Weak Cryptographic Key Derivation
        • MASWE-0011: Cryptographic Key Rotation Not Implemented
        • MASWE-0012: Insecure or Wrong Usage of Cryptographic Key
        • MASWE-0013: Hardcoded Cryptographic Keys in Use
        • MASWE-0014: Cryptographic Keys Not Properly Protected at Rest
        • MASWE-0015: Deprecated Android KeyStore Implementations
        • MASWE-0016: Unsafe Handling of Imported Cryptographic Keys
        • MASWE-0017: Cryptographic Keys Not Properly Protected on Export
        • MASWE-0018: Cryptographic Keys Access Not Restricted
        • MASWE-0019: Potentially Weak Cryptography Implementations
        • MASWE-0020: Weak Encryption
        • MASWE-0021: Weak Hashing
        • MASWE-0022: Predictable Initialization Vectors (IVs)
        • MASWE-0023: Weak Padding
        • MASWE-0024: Weak Message Authentication Codes (MAC)
        • MASWE-0025: Weak Signature
        • MASWE-0026: Improper Verification of Cryptographic Signature
        • MASWE-0027: Cryptographically Weak Pseudo-Random Number Generator (PRNG)
        • MASWE-0028: MFA Implementation Best Practices Not Followed
        • MASWE-0029: Step-Up Authentication Not Implemented After Login
        • MASWE-0030: Re-Authenticates Not Triggered On Contextual State Changes
        • MASWE-0031: Insecure use of Android Protected Confirmation
        • MASWE-0032: Platform-provided Authentication APIs Not Used
        • MASWE-0033: Authentication or Authorization Protocol Security Best Practices Not Followed
        • MASWE-0034: Insecure Implementation of Confirm Credentials
        • MASWE-0035: Passwordless Authentication Not Implemented
        • MASWE-0036: Authentication Material Stored Unencrypted on the Device
        • MASWE-0037: Authentication Material Sent over Insecure Connections
        • MASWE-0038: Authentication Tokens Not Validated
        • MASWE-0039: Shared Web Credentials and Website-association Not Implemented
        • MASWE-0040: Insecure Authentication in WebViews
        • MASWE-0041: Authentication Enforced Only Locally Instead of on the Server-side
        • MASWE-0042: Authorization Enforced Only Locally Instead of on the Server-side
        • MASWE-0043: App Custom PIN Not Bound to Platform KeyStore
        • MASWE-0044: Biometric Authentication is Event-bound
        • MASWE-0045: Fallback to Non-biometric Credentials Allowed for Sensitive Transactions
        • MASWE-0046: Crypto Keys Not Invalidated on New Biometric Enrollment
        • MASWE-0047: Insecure Identity Pinning
        • MASWE-0048: Insecure Non-HTTP Traffic
        • MASWE-0049: Proved Networking APIs Not used
        • MASWE-0050: Cleartext Traffic
        • MASWE-0051: Unprotected Open Ports
        • MASWE-0052: Insecure Certificate Validation
        • MASWE-0053: Sensitive Data Leaked via the User Interface
        • MASWE-0054: Sensitive Data Leaked via Notifications
        • MASWE-0055: Sensitive Data Leaked via Screenshots
        • MASWE-0056: Tapjacking Attacks
        • MASWE-0057: StrandHogg Attack / Task Affinity Vulnerability
        • MASWE-0058: Insecure Deep Links
        • MASWE-0059: Use Of Unauthenticated Platform IPC
        • MASWE-0060: Insecure Use of UIActivity
        • MASWE-0061: Insecure Use of App Extensions
        • MASWE-0062: Insecure Services
        • MASWE-0063: Insecure Broadcast Receivers
        • MASWE-0064: Insecure Content Providers
        • MASWE-0065: Sensitive Data Permanently Shared with Other Apps
        • MASWE-0066: Insecure Intents
        • MASWE-0067: Debuggable Flag Not Disabled
        • MASWE-0068: JavaScript Bridges in WebViews
        • MASWE-0069: WebViews Allows Access to Local Resources
        • MASWE-0070: JavaScript Loaded from Untrusted Sources
        • MASWE-0071: WebViews Loading Content from Untrusted Sources
        • MASWE-0072: Universal XSS
        • MASWE-0073: Insecure WebResourceResponse Implementations
        • MASWE-0074: Web Content Debugging Enabled
        • MASWE-0075: Enforced Updating Not Implemented
        • MASWE-0076: Dependencies with Known Vulnerabilities
        • MASWE-0077: Running on a recent Platform Version Not Ensured
        • MASWE-0078: Latest Platform Version Not Targeted
        • MASWE-0079: Unsafe Handling of Data from the Network
        • MASWE-0080: Unsafe Handling of Data from Backups
        • MASWE-0081: Unsafe Handling Of Data From External Interfaces
        • MASWE-0082: Unsafe Handling of Data From Local Storage
        • MASWE-0083: Unsafe Handling of Data From The User Interface
        • MASWE-0084: Unsafe Handling of Data from IPC
        • MASWE-0085: Unsafe Dynamic Code Loading
        • MASWE-0086: SQL Injection
        • MASWE-0087: Insecure Parsing and Escaping
        • MASWE-0088: Insecure Object Deserialization
        • MASWE-0116: Compiler Provided Security Features Not Used
        • MASWE-0089: Code Obfuscation Not Implemented
        • MASWE-0090: Resource Obfuscation Not Implemented
        • MASWE-0091: Anti-Deobfuscation Techniques Not Implemented
        • MASWE-0092: Static Analysis Tools Not Prevented
        • MASWE-0093: Debugging Symbols Not Removed
        • MASWE-0094: Non-Production Resources Not Removed
        • MASWE-0095: Code That Disables Security Controls Not Removed
        • MASWE-0096: Data Sent Unencrypted Over Encrypted Connections
        • MASWE-0097: Root/Jailbreak Detection Not Implemented
        • MASWE-0098: App Virtualization Environment Detection Not Implemented
        • MASWE-0099: Emulator Detection Not Implemented
        • MASWE-0100: Device Attestation Not Implemented
        • MASWE-0101: Debugger Detection Not Implemented
        • MASWE-0102: Dynamic Analysis Tools Detection Not Implemented
        • MASWE-0103: RASP Techniques Not Implemented
        • MASWE-0104: App Integrity Not Verified
        • MASWE-0105: Integrity of App Resources Not Verified
        • MASWE-0106: Official Store Verification Not Implemented
        • MASWE-0107: Runtime Code Integrity Not Verified
        • MASWE-0108: Sensitive Data in Network Traffic
        • MASWE-0109: Lack of Anonymization or Pseudonymisation Measures
        • MASWE-0110: Use of Unique Identifiers for User Tracking
        • MASWE-0111: Inadequate Privacy Policy
        • MASWE-0112: Inadequate Data Collection Declarations
        • MASWE-0113: Lack of Proper Data Management Controls
        • MASWE-0114: Inadequate Data Visibility Controls
        • MASWE-0115: Inadequate or Ambiguous User Consent Mechanisms
    • MASTG
        • Foreword
        • Frontispiece
        • OWASP MASVS and MASTG Adoption
        • Acknowledgments
        • Suggested Reading
        • Mobile Application Taxonomy
        • Mobile Application Security Testing
        • Mobile App Tampering and Reverse Engineering
        • Mobile App Authentication Architectures
        • Mobile App Network Communication
        • Mobile App Cryptography
        • Mobile App Code Quality
        • Mobile App User Privacy Protection
        • Android Platform Overview
        • Android Security Testing
        • Android Data Storage
        • Android Cryptographic APIs
        • Android Local Authentication
        • Android Network Communication
        • Android Platform APIs
        • Android Code Quality and Build Settings
        • Android Anti-Reversing Defenses
        • iOS Platform Overview
        • iOS Security Testing
        • iOS Data Storage
        • iOS Cryptographic APIs
        • iOS Local Authentication
        • iOS Network Communication
        • iOS Platform APIs
        • iOS Code Quality and Build Settings
        • iOS Anti-Reversing Defenses
      • Tests
            • MASTG-TEST-0001: Testing Local Storage for Sensitive Data
            • MASTG-TEST-0003: Testing Logs for Sensitive Data
            • MASTG-TEST-0004: Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services
            • MASTG-TEST-0005: Determining Whether Sensitive Data Is Shared with Third Parties via Notifications
            • MASTG-TEST-0006: Determining Whether the Keyboard Cache Is Disabled for Text Input Fields
            • MASTG-TEST-0009: Testing Backups for Sensitive Data
            • MASTG-TEST-0011: Testing Memory for Sensitive Data
            • MASTG-TEST-0012: Testing the Device-Access-Security Policy
            • MASTG-TEST-0013: Testing Symmetric Cryptography
            • MASTG-TEST-0014: Testing the Configuration of Cryptographic Standard Algorithms
            • MASTG-TEST-0015: Testing the Purposes of Keys
            • MASTG-TEST-0016: Testing Random Number Generation
            • MASTG-TEST-0017: Testing Confirm Credentials
            • MASTG-TEST-0018: Testing Biometric Authentication
            • MASTG-TEST-0019: Testing Data Encryption on the Network
            • MASTG-TEST-0020: Testing the TLS Settings
            • MASTG-TEST-0021: Testing Endpoint Identify Verification
            • MASTG-TEST-0022: Testing Custom Certificate Stores and Certificate Pinning
            • MASTG-TEST-0023: Testing the Security Provider
            • MASTG-TEST-0007: Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms
            • MASTG-TEST-0008: Checking for Sensitive Data Disclosure Through the User Interface
            • MASTG-TEST-0010: Finding Sensitive Information in Auto-Generated Screenshots
            • MASTG-TEST-0024: Testing for App Permissions
            • MASTG-TEST-0028: Testing Deep Links
            • MASTG-TEST-0029: Testing for Sensitive Functionality Exposure Through IPC
            • MASTG-TEST-0030: Testing for Vulnerable Implementation of PendingIntent
            • MASTG-TEST-0031: Testing JavaScript Execution in WebViews
            • MASTG-TEST-0032: Testing WebView Protocol Handlers
            • MASTG-TEST-0033: Testing for Java Objects Exposed Through WebViews
            • MASTG-TEST-0035: Testing for Overlay Attacks
            • MASTG-TEST-0037: Testing WebViews Cleanup
            • MASTG-TEST-0002: Testing Local Storage for Input Validation
            • MASTG-TEST-0025: Testing for Injection Flaws
            • MASTG-TEST-0026: Testing Implicit Intents
            • MASTG-TEST-0027: Testing for URL Loading in WebViews
            • MASTG-TEST-0034: Testing Object Persistence
            • MASTG-TEST-0036: Testing Enforced Updating
            • MASTG-TEST-0042: Checking for Weaknesses in Third Party Libraries
            • MASTG-TEST-0043: Memory Corruption Bugs
            • MASTG-TEST-0044: Make Sure That Free Security Features Are Activated
            • MASTG-TEST-0038: Making Sure that the App is Properly Signed
            • MASTG-TEST-0039: Testing whether the App is Debuggable
            • MASTG-TEST-0040: Testing for Debugging Symbols
            • MASTG-TEST-0041: Testing for Debugging Code and Verbose Error Logging
            • MASTG-TEST-0045: Testing Root Detection
            • MASTG-TEST-0046: Testing Anti-Debugging Detection
            • MASTG-TEST-0047: Testing File Integrity Checks
            • MASTG-TEST-0048: Testing Reverse Engineering Tools Detection
            • MASTG-TEST-0049: Testing Emulator Detection
            • MASTG-TEST-0050: Testing Runtime Integrity Checks
            • MASTG-TEST-0051: Testing Obfuscation
          • MASVS-PRIVACY
            • MASTG-TEST-0052: Testing Local Data Storage
            • MASTG-TEST-0053: Checking Logs for Sensitive Data
            • MASTG-TEST-0054: Determining Whether Sensitive Data Is Shared with Third Parties
            • MASTG-TEST-0055: Finding Sensitive Data in the Keyboard Cache
            • MASTG-TEST-0058: Testing Backups for Sensitive Data
            • MASTG-TEST-0060: Testing Memory for Sensitive Data
            • MASTG-TEST-0061: Verifying the Configuration of Cryptographic Standard Algorithms
            • MASTG-TEST-0062: Testing Key Management
            • MASTG-TEST-0063: Testing Random Number Generation
            • MASTG-TEST-0064: Testing Local Authentication
            • MASTG-TEST-0065: Testing Data Encryption on the Network
            • MASTG-TEST-0066: Testing the TLS Settings
            • MASTG-TEST-0067: Testing Endpoint Identity Verification
            • MASTG-TEST-0068: Testing Custom Certificate Stores and Certificate Pinning
            • MASTG-TEST-0056: Determining Whether Sensitive Data Is Exposed via IPC Mechanisms
            • MASTG-TEST-0057: Checking for Sensitive Data Disclosed Through the User Interface
            • MASTG-TEST-0059: Testing Auto-Generated Screenshots for Sensitive Information
            • MASTG-TEST-0069: Testing App Permissions
            • MASTG-TEST-0070: Testing Universal Links
            • MASTG-TEST-0071: Testing UIActivity Sharing
            • MASTG-TEST-0072: Testing App Extensions
            • MASTG-TEST-0073: Testing UIPasteboard
            • MASTG-TEST-0075: Testing Custom URL Schemes
            • MASTG-TEST-0076: Testing iOS WebViews
            • MASTG-TEST-0077: Testing WebView Protocol Handlers
            • MASTG-TEST-0078: Determining Whether Native Methods Are Exposed Through WebViews
            • MASTG-TEST-0079: Testing Object Persistence
            • MASTG-TEST-0080: Testing Enforced Updating
            • MASTG-TEST-0085: Checking for Weaknesses in Third Party Libraries
            • MASTG-TEST-0086: Memory Corruption Bugs
            • MASTG-TEST-0087: Make Sure That Free Security Features Are Activated
            • MASTG-TEST-0081: Making Sure that the App Is Properly Signed
            • MASTG-TEST-0082: Testing whether the App is Debuggable
            • MASTG-TEST-0083: Testing for Debugging Symbols
            • MASTG-TEST-0084: Testing for Debugging Code and Verbose Error Logging
            • MASTG-TEST-0088: Testing Jailbreak Detection
            • MASTG-TEST-0089: Testing Anti-Debugging Detection
            • MASTG-TEST-0090: Testing File Integrity Checks
            • MASTG-TEST-0091: Testing Reverse Engineering Tools Detection
            • MASTG-TEST-0092: Testing Emulator Detection
            • MASTG-TEST-0093: Testing Obfuscation
          • MASVS-PRIVACY
      • Tests (v2 Beta)
            • MASTG-TEST-0200: Files Written to External Storage
            • MASTG-TEST-0201: Runtime Use of APIs to Access External Storage
            • MASTG-TEST-0202: References to APIs and Permissions for Accessing External Storage
            • MASTG-TEST-0203: Leakage of Sensitive Data via Logging APIs
            • MASTG-TEST-0207: Data Stored in the App Sandbox at Runtime
            • MASTG-TEST-0216: Sensitive Data Not Excluded From Backup
            • MASTG-TEST-0204: Insecure Random API Usage
            • MASTG-TEST-0205: Non-random Sources Usage
            • MASTG-TEST-0208: Inappropriate Key Sizes
            • MASTG-TEST-0212: Use of Hardcoded Cryptographic Keys in Code
            • MASTG-TEST-0221: Weak Encryption Algorithms
            • MASTG-TEST-0206: Sensitive Data in Network Traffic Capture
      • Demos (v2 Beta)
            • MASTG-DEMO-0001: File System Snapshots from External Storage
            • MASTG-DEMO-0002: External Storage APIs Tracing with Frida
            • MASTG-DEMO-0003: App Writing to External Storage without Scoped Storage Restrictions
            • MASTG-DEMO-0004: App Writing to External Storage with Scoped Storage Restrictions
            • MASTG-DEMO-0005: App Writing to External Storage via the MediaStore API
            • MASTG-DEMO-0006: Tracing Common Logging APIs Looking for Secrets
            • MASTG-DEMO-0010: File System Snapshots from Internal Storage
            • MASTG-DEMO-0020: Uses of AutoBackup backup_rules.xml to Exclude Data From Backups
            • MASTG-DEMO-0007: Common Uses of Insecure Random APIs
            • MASTG-DEMO-0008: Uses of Non-random Sources
            • MASTG-DEMO-0012: Weak Cryptographic Key Generation
            • MASTG-DEMO-0017: Use of Hardcoded AES Key in SecretKeySpec with semgrep
            • MASTG-DEMO-0009: Detecting Sensitive Data in Network Traffic
      • Techniques
          • MASTG-TECH-0047: Reverse Engineering
          • MASTG-TECH-0048: Static Analysis
          • MASTG-TECH-0049: Dynamic Analysis
          • MASTG-TECH-0050: Binary Analysis
          • MASTG-TECH-0051: Tampering and Runtime Instrumentation
          • MASTG-TECH-0001: Accessing the Device Shell
          • MASTG-TECH-0002: Host-Device Data Transfer
          • MASTG-TECH-0003: Obtaining and Extracting Apps
          • MASTG-TECH-0004: Repackaging Apps
          • MASTG-TECH-0005: Installing Apps
          • MASTG-TECH-0006: Listing Installed Apps
          • MASTG-TECH-0007: Exploring the App Package
          • MASTG-TECH-0008: Accessing App Data Directories
          • MASTG-TECH-0009: Monitoring System Logs
          • MASTG-TECH-0010: Basic Network Monitoring/Sniffing
          • MASTG-TECH-0011: Setting Up an Interception Proxy
          • MASTG-TECH-0012: Bypassing Certificate Pinning
          • MASTG-TECH-0013: Reverse Engineering Android Apps
          • MASTG-TECH-0014: Static Analysis on Android
          • MASTG-TECH-0015: Dynamic Analysis on Android
          • MASTG-TECH-0016: Disassembling Code to Smali
          • MASTG-TECH-0017: Decompiling Java Code
          • MASTG-TECH-0018: Disassembling Native Code
          • MASTG-TECH-0019: Retrieving Strings
          • MASTG-TECH-0020: Retrieving Cross References
          • MASTG-TECH-0021: Information Gathering - API Usage
          • MASTG-TECH-0022: Information Gathering - Network Communication
          • MASTG-TECH-0023: Reviewing Decompiled Java Code
          • MASTG-TECH-0024: Reviewing Disassembled Native Code
          • MASTG-TECH-0025: Automated Static Analysis
          • MASTG-TECH-0026: Dynamic Analysis on Non-Rooted Devices
          • MASTG-TECH-0027: Get Open Files
          • MASTG-TECH-0028: Get Open Connections
          • MASTG-TECH-0029: Get Loaded Native Libraries
          • MASTG-TECH-0030: Sandbox Inspection
          • MASTG-TECH-0031: Debugging
          • MASTG-TECH-0032: Execution Tracing
          • MASTG-TECH-0033: Method Tracing
          • MASTG-TECH-0034: Native Code Tracing
          • MASTG-TECH-0035: JNI Tracing
          • MASTG-TECH-0036: Emulation-based Analysis
          • MASTG-TECH-0037: Symbolic Execution
          • MASTG-TECH-0038: Patching
          • MASTG-TECH-0039: Repackaging & Re-Signing
          • MASTG-TECH-0040: Waiting for the Debugger
          • MASTG-TECH-0041: Library Injection
          • MASTG-TECH-0042: Getting Loaded Classes and Methods Dynamically
          • MASTG-TECH-0043: Method Hooking
          • MASTG-TECH-0044: Process Exploration
          • MASTG-TECH-0045: Runtime Reverse Engineering
          • MASTG-TECH-0100: Logging Sensitive Data from Network Traffic
          • MASTG-TECH-0108: Taint Analysis
          • MASTG-TECH-0109: Intercepting Flutter HTTPS Traffic
          • MASTG-TECH-0115: Obtaining Compiler Provided Security Features
          • MASTG-TECH-0116: Obtaining Information about the APK Signature
          • MASTG-TECH-0117: Obtaining Information from the AndroidManifest
          • MASTG-TECH-0052: Accessing the Device Shell
          • MASTG-TECH-0053: Host-Device Data Transfer
          • MASTG-TECH-0054: Obtaining and Extracting Apps
          • MASTG-TECH-0055: Repackaging Apps
          • MASTG-TECH-0056: Installing Apps
          • MASTG-TECH-0057: Listing Installed Apps
          • MASTG-TECH-0058: Exploring the App Package
          • MASTG-TECH-0059: Accessing App Data Directories
          • MASTG-TECH-0060: Monitoring System Logs
          • MASTG-TECH-0061: Dumping KeyChain Data
          • MASTG-TECH-0062: Basic Network Monitoring/Sniffing
          • MASTG-TECH-0063: Setting up an Interception Proxy
          • MASTG-TECH-0064: Bypassing Certificate Pinning
          • MASTG-TECH-0065: Reverse Engineering iOS Apps
          • MASTG-TECH-0066: Static Analysis on iOS
          • MASTG-TECH-0067: Dynamic Analysis on iOS
          • MASTG-TECH-0068: Disassembling Native Code
          • MASTG-TECH-0069: Decompiling Native Code
          • MASTG-TECH-0070: Extracting Information from the Application Binary
          • MASTG-TECH-0071: Retrieving Strings
          • MASTG-TECH-0072: Retrieving Cross References
          • MASTG-TECH-0073: Information Gathering - API Usage
          • MASTG-TECH-0074: Information Gathering - Network Communication
          • MASTG-TECH-0075: Reviewing Decompiled Objective-C and Swift Code
          • MASTG-TECH-0076: Reviewing Disassembled Objective-C and Swift Code
          • MASTG-TECH-0077: Reviewing Disassembled Native Code
          • MASTG-TECH-0078: Automated Static Analysis
          • MASTG-TECH-0079: Dynamic Analysis on Non-Jailbroken Devices
          • MASTG-TECH-0080: Get Open Files
          • MASTG-TECH-0081: Get Open Connections
          • MASTG-TECH-0082: Get Loaded Native Libraries
          • MASTG-TECH-0083: Sandbox Inspection
          • MASTG-TECH-0084: Debugging
          • MASTG-TECH-0085: Execution Tracing
          • MASTG-TECH-0086: Method Tracing
          • MASTG-TECH-0087: Native Code Tracing
          • MASTG-TECH-0088: Emulation-based Analysis
          • MASTG-TECH-0089: Symbolic Execution
          • MASTG-TECH-0090: Patching
          • MASTG-TECH-0091: Library Injection
          • MASTG-TECH-0092: Repackaging and Re-Signing
          • MASTG-TECH-0093: Waiting for the debugger
          • MASTG-TECH-0094: Getting Loaded Classes and Methods dynamically
          • MASTG-TECH-0095: Method Hooking
          • MASTG-TECH-0096: Process Exploration
          • MASTG-TECH-0097: Runtime Reverse Engineering
          • MASTG-TECH-0098: Patching React Native Apps
          • MASTG-TECH-0110: Intercepting Flutter HTTPS Traffic
          • MASTG-TECH-0111: Extracting Entitlements from MachO Binaries
          • MASTG-TECH-0112: Obtaining the Code Signature Format Version
          • MASTG-TECH-0113: Obtaining Debugging Symbols
          • MASTG-TECH-0114: Demangling Symbols
      • Tools
          • MASTG-TOOL-0031: Frida
          • MASTG-TOOL-0032: Frida CodeShare
          • MASTG-TOOL-0033: Ghidra
          • MASTG-TOOL-0034: LIEF
          • MASTG-TOOL-0035: MobSF
          • MASTG-TOOL-0036: r2frida
          • MASTG-TOOL-0037: RMS Runtime Mobile Security
          • MASTG-TOOL-0038: objection
          • MASTG-TOOL-0098: iaito
          • MASTG-TOOL-0100: reFlutter
          • MASTG-TOOL-0101: disable-flutter-tls-verification
          • MASTG-TOOL-0104: hermes-dec
          • MASTG-TOOL-0106: Fridump
          • MASTG-TOOL-0108: Corellium
          • MASTG-TOOL-0110: semgrep
          • MASTG-TOOL-0001: Frida for Android
          • MASTG-TOOL-0002: MobSF for Android
          • MASTG-TOOL-0003: nm - Android
          • MASTG-TOOL-0004: adb
          • MASTG-TOOL-0005: Android NDK
          • MASTG-TOOL-0006: Android SDK
          • MASTG-TOOL-0007: Android Studio
          • MASTG-TOOL-0008: Android-SSL-TrustKiller
          • MASTG-TOOL-0009: APKiD
          • MASTG-TOOL-0010: APKLab
          • MASTG-TOOL-0011: Apktool
          • MASTG-TOOL-0012: apkx
          • MASTG-TOOL-0013: Busybox
          • MASTG-TOOL-0014: Bytecode Viewer
          • MASTG-TOOL-0015: drozer
          • MASTG-TOOL-0016: gplaycli
          • MASTG-TOOL-0017: House
          • MASTG-TOOL-0018: jadx
          • MASTG-TOOL-0019: jdb
          • MASTG-TOOL-0020: JustTrustMe
          • MASTG-TOOL-0021: Magisk
          • MASTG-TOOL-0022: Proguard
          • MASTG-TOOL-0023: RootCloak Plus
          • MASTG-TOOL-0024: Scrcpy
          • MASTG-TOOL-0025: SSLUnpinning
          • MASTG-TOOL-0026: Termux
          • MASTG-TOOL-0027: Xposed
          • MASTG-TOOL-0028: radare2 for Android
          • MASTG-TOOL-0029: objection for Android
          • MASTG-TOOL-0030: Angr
          • MASTG-TOOL-0099: FlowDroid
          • MASTG-TOOL-0103: uber-apk-signer
          • MASTG-TOOL-0107: JNITrace
          • MASTG-TOOL-0112: pidcat
          • MASTG-TOOL-0116: Blutter
          • MASTG-TOOL-0120: proxyDroid
          • MASTG-TOOL-0123: apksigner
          • MASTG-TOOL-0124: aapt2
          • MASTG-TOOL-0039: Frida for iOS
          • MASTG-TOOL-0040: MobSF for iOS
          • MASTG-TOOL-0041: nm - iOS
          • MASTG-TOOL-0042: BinaryCookieReader
          • MASTG-TOOL-0043: class-dump
          • MASTG-TOOL-0044: class-dump-z
          • MASTG-TOOL-0045: class-dump-dyld
          • MASTG-TOOL-0046: Cycript
          • MASTG-TOOL-0047: Cydia
          • MASTG-TOOL-0048: dsdump
          • MASTG-TOOL-0049: Frida-cycript
          • MASTG-TOOL-0050: Frida-ios-dump
          • MASTG-TOOL-0051: gdb
          • MASTG-TOOL-0053: iOSbackup
          • MASTG-TOOL-0054: ios-deploy
          • MASTG-TOOL-0055: iProxy
          • MASTG-TOOL-0056: Keychain-Dumper
          • MASTG-TOOL-0057: lldb
          • MASTG-TOOL-0058: MachoOView
          • MASTG-TOOL-0059: optool
          • MASTG-TOOL-0060: otool
          • MASTG-TOOL-0061: Grapefruit
          • MASTG-TOOL-0062: Plutil
          • MASTG-TOOL-0063: security
          • MASTG-TOOL-0064: Sileo
          • MASTG-TOOL-0065: simctl
          • MASTG-TOOL-0066: SSL Kill Switch 3
          • MASTG-TOOL-0067: swift-demangle
          • MASTG-TOOL-0068: SwiftShield
          • MASTG-TOOL-0069: Usbmuxd
          • MASTG-TOOL-0070: Xcode
          • MASTG-TOOL-0071: Xcode Command Line Tools
          • MASTG-TOOL-0072: xcrun
          • MASTG-TOOL-0073: radare2 for iOS
          • MASTG-TOOL-0074: objection for iOS
          • MASTG-TOOL-0102: ios-app-signer
          • MASTG-TOOL-0105: ipsw
          • MASTG-TOOL-0111: ldid
          • MASTG-TOOL-0114: codesign
          • MASTG-TOOL-0121: objdump - iOS
          • MASTG-TOOL-0122: c++filt
          • MASTG-TOOL-0075: Android tcpdump
          • MASTG-TOOL-0076: bettercap
          • MASTG-TOOL-0077: Burp Suite
          • MASTG-TOOL-0078: MITM Relay
          • MASTG-TOOL-0079: OWASP ZAP
          • MASTG-TOOL-0080: tcpdump
          • MASTG-TOOL-0081: Wireshark
          • MASTG-TOOL-0097: mitmproxy
          • MASTG-TOOL-0109: Nope-Proxy
          • MASTG-TOOL-0115: HTTP Toolkit
      • Apps
          • MASTG-APP-0001: AndroGoat
          • MASTG-APP-0002: Android License Validator
          • MASTG-APP-0003: Android UnCrackable L1
          • MASTG-APP-0004: Android UnCrackable L2
          • MASTG-APP-0005: Android UnCrackable L3
          • MASTG-APP-0006: Digitalbank
          • MASTG-APP-0007: DIVA Android
          • MASTG-APP-0008: DodoVulnerableBank
          • MASTG-APP-0009: DVHMA
          • MASTG-APP-0010: InsecureBankv2
          • MASTG-APP-0011: MASTG Hacking Playground (Java)
          • MASTG-APP-0012: MASTG Hacking Playground (Kotlin)
          • MASTG-APP-0013: OVAA
          • MASTG-APP-0014: InsecureShop
          • MASTG-APP-0015: Android UnCrackable L4
          • MASTG-APP-0016: Finstergram
          • MASTG-APP-0017: Disable-flutter-tls-verification
          • MASTG-APP-0023: DVIA
          • MASTG-APP-0024: DVIA-v2
          • MASTG-APP-0025: iOS UnCrackable L1
          • MASTG-APP-0026: iOS UnCrackable L2
          • MASTG-APP-0027: Disable-flutter-tls-verification
          • MASTG-APP-0028: iGoat-Swift
    • MASVS
        • Foreword
        • About the Standard
        • The Mobile Application Security Verification Standard
        • Assessment and Certification
      • MASVS-STORAGE
      • MASVS-STORAGE-1
      • MASVS-STORAGE-2
      • MASVS-CRYPTO
      • MASVS-CRYPTO-1
      • MASVS-CRYPTO-2
      • MASVS-AUTH
      • MASVS-AUTH-1
      • MASVS-AUTH-2
      • MASVS-AUTH-3
      • MASVS-NETWORK
      • MASVS-NETWORK-1
      • MASVS-NETWORK-2
      • MASVS-PLATFORM
      • MASVS-PLATFORM-1
      • MASVS-PLATFORM-2
      • MASVS-PLATFORM-3
      • MASVS-CODE
      • MASVS-CODE-1
      • MASVS-CODE-2
      • MASVS-CODE-3
      • MASVS-CODE-4
      • MASVS-RESILIENCE
      • MASVS-RESILIENCE-1
      • MASVS-RESILIENCE-2
      • MASVS-RESILIENCE-3
      • MASVS-RESILIENCE-4
      • MASVS-PRIVACY
      • MASVS-PRIVACY-1
      • MASVS-PRIVACY-2
      • MASVS-PRIVACY-3
      • MASVS-PRIVACY-4
    • MAS Checklist
      • MASVS-STORAGE
      • MASVS-CRYPTO
      • MASVS-AUTH
      • MASVS-NETWORK
      • MASVS-PLATFORM
      • MASVS-CODE
      • MASVS-RESILIENCE
      • MASVS-PRIVACY
    • MAS Crackmes
      • Android Crackmes
      • iOS Crackmes
      • None
    • 🎙 Talks
      • Contributing to the MAS Project
      • How Can You Contribute?
      • Getting Started
      • Pull Requests & Reviews
      • Add a New Language
      • Style Guide
      • Add a Crackme
      • Donations
      • How to Donate
      • Donation Packages
    • 💬 Connect with Us
    Back to index
    Sven Schleier Sven Schleier
    Creator
    • Metadata
      • October 2, 2019
      • 1 min read

    MSTG Project joins Hacktoberfest

    We are joining the #hacktoberfest October 2-31. Check out our issues at Github. Register at https://hacktoberfest.digitalocean.com.

    © OWASP Foundation 2024. This work is licensed under CC-BY-4.0. For any reuse or distribution, you must make clear to others the license terms of this work.
    OWASP ® is a registered trademark of the OWASP Foundation, Inc. This website uses cookies to analyze our traffic and only share that information with our analytics partners. Learn more.
    Made with Material for MkDocs | Website and covers designed by Carlos Holguera.