OWASP / owasp-masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Home Page: https://mas.owasp.org/


MSTG-NETWORK-4 is a L2 control, but is marked as Level 1 in CSV

sushi2k opened this issue · comments

In Git, in the Markdown document, it is level 2: https://github.com/OWASP/owasp-masvs/blob/v1.2/Document/0x10-V5-Network_communication_requirements.md

But in the CSV it is level 1: https://github.com/OWASP/owasp-masvs/releases/download/v1.2/OWASP_MASVS-v1.2-en.csv
5.4,"The app either uses its own certificate store, or pins the endpoint certificate or public key, and subsequently does not establish connections with endpoints that offer a different certificate or key, even if signed by a trusted CA.",

MSTG-NETWORK-4,True,True,False

MSTG-Network-4 is a L2 requirement!

Thanks Roel!

This is correct for the current generation, see here:

https://github.com/OWASP/owasp-masvs/suites/2294862390/artifacts/48078994

Please let me know if there's something else wrong, thank you anyway for reporting :)