| MASVS-NETWORK-1 |
|
The app secures all network traffic according to the current best practices. |
|
|
|
|
|
|
|
MASTG-TEST-0237MASTG-TEST-0237 |
Cross-Platform Framework Configurations Allowing Cleartext Traffic |
platform:android |
profile:L1 |
profile:L2 |
|
|
placeholderstatus:placeholder |
|
MASTG-TEST-0238MASTG-TEST-0238 |
Runtime Use of Network APIs Transmitting Cleartext Traffic |
platform:android |
profile:L1 |
profile:L2 |
|
|
placeholderstatus:placeholder |
|
MASTG-TEST-0019MASTG-TEST-0019 |
Testing Data Encryption on the Network |
platform:android |
profile:L1 |
profile:L2 |
|
|
deprecatedstatus:deprecated |
|
MASTG-TEST-0023MASTG-TEST-0023 |
Testing the Security Provider |
platform:android |
|
profile:L2 |
|
|
update-pendingstatus:update-pending |
|
MASTG-TEST-0233MASTG-TEST-0233 |
Hardcoded HTTP URLs |
platform:android |
profile:L1 |
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0236MASTG-TEST-0236 |
Cleartext Traffic Observed on the Network |
platform:network |
profile:L1 |
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0235MASTG-TEST-0235 |
Android App Configurations Allowing Cleartext Traffic |
platform:android |
profile:L1 |
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0234MASTG-TEST-0234 |
SSLSockets not Properly Verifying Hostnames |
platform:android |
profile:L1 |
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0021MASTG-TEST-0021 |
Testing Endpoint Identify Verification |
platform:android |
profile:L1 |
profile:L2 |
|
|
update-pendingstatus:update-pending |
|
MASTG-TEST-0020MASTG-TEST-0020 |
Testing the TLS Settings |
platform:android |
profile:L1 |
profile:L2 |
|
|
deprecatedstatus:deprecated |
|
MASTG-TEST-0217MASTG-TEST-0217 |
Insecure TLS Protocols Explicitly Allowed in Code |
platform:android |
profile:L1 |
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0218MASTG-TEST-0218 |
Insecure TLS Protocols in Network Traffic |
platform:network |
profile:L1 |
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0239MASTG-TEST-0239 |
Using low-level APIs (e.g. Socket) to set up a custom HTTP connection |
platform:android |
profile:L1 |
profile:L2 |
|
|
placeholderstatus:placeholder |
|
MASTG-TEST-0066MASTG-TEST-0066 |
Testing the TLS Settings |
platform:ios |
profile:L1 |
profile:L2 |
|
|
update-pendingstatus:update-pending |
|
MASTG-TEST-0065MASTG-TEST-0065 |
Testing Data Encryption on the Network |
platform:ios |
profile:L1 |
profile:L2 |
|
|
update-pendingstatus:update-pending |
|
MASTG-TEST-0067MASTG-TEST-0067 |
Testing Endpoint Identity Verification |
platform:ios |
profile:L1 |
profile:L2 |
|
|
update-pendingstatus:update-pending |
| MASVS-NETWORK-2 |
|
The app performs identity pinning for all remote endpoints under the developer's control. |
|
|
|
|
|
|
|
MASTG-TEST-0022MASTG-TEST-0022 |
Testing Custom Certificate Stores and Certificate Pinning |
platform:android |
|
profile:L2 |
|
|
deprecatedstatus:deprecated |
|
MASTG-TEST-0242MASTG-TEST-0242 |
Missing Certificate Pinning in Network Security Configuration |
platform:android |
|
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0244MASTG-TEST-0244 |
Missing Certificate Pinning in Network Traffic |
platform:network |
|
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0243MASTG-TEST-0243 |
Expired Certificate Pins in the Network Security Configuration |
platform:android |
|
profile:L2 |
|
|
newstatus:new |
|
MASTG-TEST-0068MASTG-TEST-0068 |
Testing Custom Certificate Stores and Certificate Pinning |
platform:ios |
|
profile:L2 |
|
|
update-pendingstatus:update-pending |