Name: MSTG-Hacking-Playground
Owner: OWASP
Description: null
Created: 2016-07-21 02:43:19.0
Updated: 2018-04-26 10:51:42.0
Pushed: 2018-01-10 09:31:56.0
Homepage: null
Size: 29824
Language: Java
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
The OWASP Mobile Security Testing Guide (MSTG) will be similar to the OWASP Web Application Testing Guide, but will have specific test cases only applicable to mobile platforms. In order to give practical guidance to developers, security researches and penetration testers, a hacking playground was created that consists of different mobile App?s that contain different vulnerabilities that map to the MSTG test cases. Every test case described in the MSTG will therefore be implemented in an Android and iOS App. This has two advantages:
It is also encouraged to use the App(s) for education purpose during trainings and workshops.
Current Draft of the OWASP Mobile Security Testing Guide (MSTG) can be found here https://github.com/OWASP/owasp-mstg/.
If you want to contribute to the MSTG, please go to the OWASP Slack Channel. You can register here http://owasp.herokuapp.com/ and can find us in the channel #project-mobile_omtg.
APK files of the Android App can be found in the following path: Android/MSTG-Android-App/app/build/outputs/apk/ https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/OMTG-Android-App/app/build/outputs/apk
The Android App is located in https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/OMTG-Android-App. After cloning the repo this directory needs to be opened in Android Studio.
In order to get the App running, besides the Android SDK, also the Android NDK needs to be availabe. If the NDK is not available, Android Studio will ask to download or specify a local path for the NDK when the project is opened. If parts of the SDK are missing, a prompt should show up to install the additional requriments. Afterwards the App can be build and can be run in an emulator or mobile device.
Check the Wiki for a description of all available test cases.
Screenshot:
The following Mobile App is already created:
Sven Schleier
Senior Security Consultant
Vantage Point Security
sven@vantagepoint.sg
This project is using the GNU General Public License v3.0.
Nikhil Soni (@nikhil) Ryan Teoh (@ryantzj)