[Owasp-leaders] OWASP Mobile Top Ten 2014 - M10 Datapoints

Jonathan Carter jonathan.carter at owasp.org
Tue Nov 4 22:34:40 UTC 2014


The ASVS stuff does indeed mention and prescribe trying to prevent static /
dynamic analysis for sensitive apps (infrastructure; IoT apps; etc.). There
are other OWASP projects out there that make similar references to
preventing this stuff: BSIMM and OpenSAMM for example.

On Tue, Nov 4, 2014 at 1:32 PM, Andre Gironda <andreg at gmail.com> wrote:

> http://scmagazine.com/riskiq-platform/review/4304/
>
> This is not just about vendors, but technology choice. A prior work was
> presented at OWASP AppSecUSA in 2011 from Ryan W Smith on "STAAF: an
> Efficient Distributed Framework for Performing Large-Scale Android
> Application Analysis".
>
> Both the Mobile Top Ten and the ASVS mention binary-obfuscation technology
> and anti-debugging/reversing for mobile apps. Should these mentions be
> removed? I want to say no, but I am clearly less biased than Jonathan
> Carter. By the way, I would like to take credit for adding this material to
> the MT10. However, I did not add it to ASVS 2.0. Who did that and why?
>
> dre
>