CHANGELOG.md

This document is automatically generated at {{gitbook.time}}

1.1.0 30 Nov 2018:

  • Added more samples in Kotlin.
  • Simplified leanpub and gitbook publishing.
  • A lot of QA improvements.
  • Added deserialization testcases for iOS, including input sanitization.
  • Added testcases regarding device-access-security policies and data storage on iOS.
  • Added testcases regarding session invalidation.
  • Improved cryptography and key management testcases on both Android and iOS.
  • Started adding various updates in the testcases introduced by Android Oreo and Android Pie.
  • Refreshed the Testing Tools section: removed some of the lesser maintained tools, added new tools.
  • Fixed some of the markdown issues.
  • Updated license to CC 4.0.
  • Started Japanese translation.
  • Updated references to OWASP Mobile Top 10.
  • Updated Android Crackmes.
  • Fixed some of the anti-reverse-engineering testcases.
  • Added debugging testcase for iOS.

1.0.2 13 Oct 2018:

  • Updated guiding documentation (README).
  • Improved automated build of the pdf, epub and .mobi.
  • Updated Frontispiece (given new contributor stats).
  • Added attack surface sections for Android and various
  • Added vulnerable apps for testing skills.
  • Improved sections for testing App permissions for Android (given Android Oreo/Pie), added section for testing permissions on iOS.
  • Added fix for Fragment Injection on older Android versions.
  • Improved sections on iOS WebView related testing.

1.0.1 17 Sept 2018:

  • Updated guiding documentation (README, PR templates, improved styleguide, issue templates).
  • Added automated build of the pdf and DocX.
  • Updated Frontispiece (given new contributor stats).
  • Updated Crackmes and guiding documentation.
  • Updated tooling commands (ADB, ABE, iMazing, Needle, IPAinstaller, etc.).
  • Added first Russian translations of the 1.0 documents for iOS.
  • Improved URLs for GitBook using goo.gl in case of URLs with odd syntax.
  • Updated Frontispiece to give credit to all that have helped out for this version.
  • Clarified the app taxonomy & security testing sections by a rewrite.
  • Added sections for network testing, certificate verification & SSL pinning for Cordova, WebView, Xamarin, React-Native and updated the public key pinning sections.
  • Removed no longer working guides (e.g. using iTunes to install apps).
  • Updated a lot of URLs (using TLS wherever possible).
  • Updated tests regarding WebViews.
  • Added new testing tool suites in the tools section, such as the mobile hacktools and various dependency checkers.
  • Updated testcases regarding protocol handlers (added missing MASVS 6.6 for iOS).
  • Many small updates in terms of wording, spelling/typos, updated code segments and grammar.
  • Added missing testcases for MASVS 2.11, 4.7, 7.5 and 4.11.
  • Updated the XLS Checklist given MASVS 1.1.0.
  • Removed the clipboard test from iOS and Android.
  • Removed duplicates on local storage Testing and updated data storage testcases.
  • Added writeups from the mobile security sessions at the OWASP summit.
  • Added anti-debugging bypass section for iOS.
  • Added SQL injection and XML injection samples & improved mitigation documentation.
  • Added Needle documentation for iOS.
  • Added fragment injection documentation.
  • Updated IPA installation process guidance.
  • Added XSS sample for Android.
  • Added improved documentation for certificate installation on Android devices.
  • Updated Frida & Fridump related documentation.
  • Added sections about in-memory data analysis in iOS.
  • Updated software development and related supporting documentation.
  • Updated (anti) reverse-engineering sections for Android and iOS.
  • Updated data storage chapters given newer tooling.
  • Merged SDLC and security testing chapters.
  • Updated cryptography & key-management testing sections for both Android and iOS (up to Android Nougat/iOS 11).
  • Updated general overview chapters for Android and iOS.
  • Updated Android and iOS IPC Testing.
  • Added missing overviews, references, etc. to various sections, such as 0x6i.
  • Updated local authentication chapters and the authentication & session management chapters.
  • Updated testing for sensitive data in memory cases.
  • Added code quality sections.

1.0 15 Jun 2018: First release