@pascalj pascalj commented Nov 5, 2024

  • Your contribution is written in the 2nd person (e.g. you)
  • Your contribution is written in an active present form as much as possible.
  • You have made sure that the reference section is up to date (e.g. please add sources you have used, make sure that the references to MITRE/MASVS/etc. are up to date)
  • Your contribution has properly formatted markdown and/or code
  • Any references to websites have been formatted as [TEXT](URL “NAME”)
  • You verified/tested the effectiveness of your contribution (e.g.: is the code really an effective remediation? Please verify it works!)

This PR closes #2962.

@pascalj pascalj force-pushed the mastg-0076 branch 4 times, most recently from c1fae5a to 7b8b02e November 6, 2024 15:11
@pascalj pascalj marked this pull request as ready for review November 6, 2024 15:14

@pascalj I just added some old content that was missing from it.

Static Analysis:

  • Testing JavaScript configuration
  • Testing for Mixed Content
  • Testing for WebView URI manipulation

Dynamic Analysis:

  • Enumerating WebView instances
  • Checking if JavaScript is enabled
  • Testing for Mixed Content

Please double check this and include the new tests accordingly. Thanks a lot!

@cpholguera cpholguera changed the title Port MASTG-TEST-0076 (by @guardsquare) Port MASTG-TEST-0076: Testing iOS WebViews (ios) (by @guardsquare) Feb 24, 2025

We won't be testing for this:

Having JavaScript enabled is not considered a vulnerability by itself, but it can lead to security issues in combination with other weaknesses, such as local file access in WebViews, which are covered by other tests in the MASTG v2. This test is therefore not considered a standalone test anymore.

https://mas.owasp.org/MASTG/tests/android/MASVS-PLATFORM/MASTG-TEST-0031/

@serek8 serek8 self-assigned this Dec 15, 2025

Successfully merging this pull request may close these issues.

MASTG v1->v2 MASTG-TEST-0076: Testing iOS WebViews (ios)
