diff --git a/.vscode/settings.json b/.vscode/settings.json index a9ddfcde33..0e0cec9d2a 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,24 +1,24 @@ { "workbench.colorCustomizations": { - "activityBar.activeBackground": "#78b9fa", - "activityBar.activeBorder": "#d70870", - "activityBar.background": "#78b9fa", + "activityBar.activeBackground": "#7cbaff", + "activityBar.activeBorder": "#df006a", + "activityBar.background": "#7cbaff", "activityBar.foreground": "#15202b", "activityBar.inactiveForeground": "#15202b99", - "activityBarBadge.background": "#d70870", + "activityBarBadge.background": "#df006a", "activityBarBadge.foreground": "#e7e7e7", - "sash.hoverBorder": "#78b9fa", - "statusBar.background": "#479ff8", + "sash.hoverBorder": "#7cbaff", + "statusBar.background": "#499fff", "statusBar.foreground": "#15202b", - "statusBarItem.hoverBackground": "#1685f6", - "statusBarItem.remoteBackground": "#479ff8", + "statusBarItem.hoverBackground": "#1684ff", + "statusBarItem.remoteBackground": "#499fff", "statusBarItem.remoteForeground": "#15202b", - "titleBar.activeBackground": "#479ff8", + "titleBar.activeBackground": "#499fff", "titleBar.activeForeground": "#15202b", - "titleBar.inactiveBackground": "#479ff899", + "titleBar.inactiveBackground": "#499fff99", "titleBar.inactiveForeground": "#15202b99" }, - "peacock.color": "#479ff8", + "peacock.color": "#499FFF", "cSpell.words": [ "aliascert", "apktool", diff --git a/Checklists/Mobile_App_Security_Checklist-English_1.2.xlsx b/Checklists/Mobile_App_Security_Checklist-English_1.2.xlsx deleted file mode 100644 index 3c3b567e37..0000000000 Binary files a/Checklists/Mobile_App_Security_Checklist-English_1.2.xlsx and /dev/null differ diff --git a/Checklists/Mobile_App_Security_Checklist-French_1.2.xlsx b/Checklists/Mobile_App_Security_Checklist-French_1.2.xlsx deleted file mode 100644 index a1b4daeca3..0000000000 Binary files a/Checklists/Mobile_App_Security_Checklist-French_1.2.xlsx and /dev/null differ 
diff --git a/Checklists/Mobile_App_Security_Checklist-Japanese_1.2.xlsx b/Checklists/Mobile_App_Security_Checklist-Japanese_1.2.xlsx
deleted file mode 100644
index 2277c4f20a..0000000000
Binary files a/Checklists/Mobile_App_Security_Checklist-Japanese_1.2.xlsx and /dev/null differ
diff --git a/Checklists/Mobile_App_Security_Checklist-Korean_1.2.xlsx b/Checklists/Mobile_App_Security_Checklist-Korean_1.2.xlsx
deleted file mode 100644
index 54937c6c46..0000000000
Binary files a/Checklists/Mobile_App_Security_Checklist-Korean_1.2.xlsx and /dev/null differ
diff --git a/Checklists/Mobile_App_Security_Checklist-Spanish_1.2.xlsx b/Checklists/Mobile_App_Security_Checklist-Spanish_1.2.xlsx
deleted file mode 100644
index f206c37211..0000000000
Binary files a/Checklists/Mobile_App_Security_Checklist-Spanish_1.2.xlsx and /dev/null differ
diff --git a/Checklists/README.md b/Checklists/README.md
deleted file mode 100644
index 38c080716d..0000000000
--- a/Checklists/README.md
+++ /dev/null
@@ -1,16 +0,0 @@ - - -# OWASP Mobile Security Testing Guide [![Twitter Follow](https://img.shields.io/twitter/follow/OWASP_MSTG.svg?style=social&label=Follow)](https://twitter.com/OWASP_MSTG) - -[![Creative Commons License](https://licensebuttons.net/l/by-sa/4.0/88x31.png)](https://creativecommons.org/licenses/by-sa/4.0/ "CC BY-SA 4.0") - -[![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-48A646.svg)](https://owasp.org/projects/) -[![Document Build](https://github.com/OWASP/owasp-mstg/workflows/Document%20Build/badge.svg)](https://github.com/OWASP/owasp-mstg/actions?query=workflow%3A%22Document+Build%22) - -The checklists contained in the excel files allow a mapping between a given version of the [OWASP Mobile Security Testing Guide (MSTG)](https://github.com/OWASP/owasp-mstg "MSTG") and the [OWASP Mobile Application Verification Standard (MASVS)](https://github.com/OWASP/owasp-masvs "MASVS"). - -The MSTG version element (Dashboard - row 13) in the excel file represent the version of mstg which the links in the excel file will lead to. - -Note that due to the continuous updating and restructuring of the MSTG, the links of different versions are not all identical. And changing the mstg version (Dashboard - row 13) may break the links in the excel file. - -Newer and older versions of the Excel are released on a regular basis and can be found at [the release page](https://github.com/OWASP/owasp-mstg/releases "Releases"). diff --git a/Checklists/checklinks.py b/Checklists/checklinks.py deleted file mode 100644 index 0e7b002c97..0000000000 --- a/Checklists/checklinks.py +++ /dev/null 
@@ -1,14 +0,0 @@ -import xlrd -loc = ("Mobile_App_Security_Checklist-English_1.1.xlsx") -wb = xlrd.open_workbook(loc) -sheet = wb.sheet_by_index(2) # SecReq Android -#for i in range(1, 80): -# print(sheet.cell_value(i, 6)) # row , col -#print(sheet.hyperlink_list) - -for row_index in range(1, sheet.nrows): - URL = sheet.hyperlink_map.get((row_index, 1)) - print(URL) - - -# https://xlrd.readthedocs.io/en/latest/api.html diff --git a/Document/Images/logo_circle.png b/Document/Images/logo_circle.png index 2ec17dc67d..37e0e2a656 100644 Binary files a/Document/Images/logo_circle.png and b/Document/Images/logo_circle.png differ diff --git a/README.md b/README.md index 1b03c431d9..68bba94892 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # OWASP Mobile Security Testing Guide [![Twitter Follow](https://img.shields.io/twitter/follow/OWASP_MSTG.svg?style=social&label=Follow)](https://twitter.com/OWASP_MSTG) [![Open in Visual Studio Code](https://open.vscode.dev/badges/open-in-vscode.svg)](https://open.vscode.dev/OWASP/owasp-mstg) -[![Creative Commons License](https://licensebuttons.net/l/by-sa/4.0/88x31.png)](https://creativecommons.org/licenses/by-sa/4.0/ "CC BY-SA 4.0") +[![Creative Commons License](https://img.shields.io/github/license/OWASP/owasp-mstg)](https://creativecommons.org/licenses/by-sa/4.0/ "CC BY-SA 4.0") [![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-48A646.svg)](https://owasp.org/projects/) 
@@ -11,7 +11,10 @@ [![Check Markdown Links](https://github.com/OWASP/owasp-mstg/workflows/Check%20Markdown%20Links/badge.svg)](https://github.com/OWASP/owasp-mstg/actions?query=workflow%3A%22Check+Markdown+Links%22) This is the official GitHub Repository of the OWASP Mobile Security Testing Guide (MSTG). The MSTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the [OWASP Mobile Application Verification Standard (MASVS)](https://github.com/OWASP/owasp-masvs "MASVS"). -You can also read the MSTG on [Gitbook](https://mobile-security.gitbook.io/mobile-security-testing-guide/ "MSTG @ Gitbook") or download it as an [e-book](https://leanpub.com/mobile-security-testing-guide-preview "MSTG as an e-book"). + +- 📖 [Read it on Gitbook](https://mobile-security.gitbook.io/mobile-security-testing-guide/) +- ⬇️ [Download the latest PDF](https://github.com/OWASP/owasp-mstg/releases/latest) +- ✅ [Get the latest Mobile App Security Checklists](https://github.com/OWASP/owasp-mstg/releases/latest) The MSTG and the MASVS are being adopted by many companies, standards, and various organizations. Want to find out more? Check our [users' document listing some of the adopters](Users.md). diff --git a/tools/scripts/excel_styles_and_validation.py b/tools/scripts/excel_styles_and_validation.py index cbb157a255..0f01302907 100644 --- a/tools/scripts/excel_styles_and_validation.py +++ b/tools/scripts/excel_styles_and_validation.py 
@@ -26,11 +26,12 @@ wrapText=True, ) FONT = "Avenir" +MSTG_BLUE = "499FFF" styles_metadata = [ {"name": "text", "font": {'name': FONT}, "alignment": "left", "background": ""}, {"name": "center", "font": {'name': FONT}, "alignment": "center", "background": ""}, - {"name": "blue_link", "font": {'name': FONT, 'underline': "single", 'color': "1CA4FC"}, "alignment": "center", "background": ""}, + {"name": "blue_link", "font": {'name': FONT, 'underline': "single", 'color': MSTG_BLUE}, "alignment": "center", "background": ""}, {"name": "gray", "font": {'name': FONT}, "alignment": "center", "background": "00C0C0C0"}, {"name": "blue", "font": {'name': FONT}, "alignment": "center", "background": "0033CCCC"}, {"name": "green", "font": {'name': FONT}, "alignment": "center", "background": "0099CC00"}, @@ -61,8 +62,8 @@ def load_styles(wb): styles = [create_style(style) for style in styles_metadata] underline = NamedStyle(name="underline") - underline.font = Font(name=FONT, size=15, bold=True, color="1CA4FC") - bd = Side(style="medium", color="1CA4FC") + underline.font = Font(name=FONT, size=15, bold=True, color=MSTG_BLUE) + bd = Side(style="medium", color=MSTG_BLUE) underline.border = Border(bottom=bd) styles.append(underline) diff --git a/tools/scripts/yaml_to_excel.py b/tools/scripts/yaml_to_excel.py index 51835aa039..33c5f581d2 100644 --- a/tools/scripts/yaml_to_excel.py +++ b/tools/scripts/yaml_to_excel.py @@ -76,8 +76,8 @@ def write_header(ws): ws.merge_cells(start_row=2, end_row=4, start_column=2, end_column=3) img = Image("../../Document/Images/logo_circle.png") - img.height = img.height * 0.15 - img.width = img.width * 0.15 + img.height = 140 + img.width = 140 ws.add_image(img, "C2") img = Image("owasp-masvs/Document/images/OWASP_logo.png")
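Review bot: `MSTG_BLUE = "499FFF"` in tools/scripts/excel_styles_and_validation.py is added without a comment, and its six-digit form differs from the eight-digit strings used for the `background` values a few lines below it (`00C0C0C0`, `0033CCCC`). A one-line comment such as `# MSTG brand blue as RGB hex without '#'; used for link text and the header underline and border` would make the expected format explicit for the next person who edits the palette. The same constant is used in the second hunk of this file, inside `load_styles`, for `Font(..., color=MSTG_BLUE)` and `Side(..., color=MSTG_BLUE)`, so the comment covers both places.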
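Review bot: In tools/scripts/yaml_to_excel.py, the literal `140` assigned to both `img.height` and `img.width` assumes that logo_circle.png is square. The removed `* 0.15` scaling kept whatever aspect ratio the file had, so a non-square replacement image would now be stretched. If the fixed size is intended, give it a name and set both dimensions from it, for example `LOGO_SIZE = 140` and `img.height = img.width = LOGO_SIZE`, with a short comment that the size no longer depends on the image's pixel dimensions. `write_header` starts before this hunk and continues past it, so how the second image (OWASP_logo.png) is sized is not visible here.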