Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,21 @@
# Standards Reference: Deep Link Vulnerabilities
## OWASP Mobile Top 10 2024
| ID | Risk | Deep Link Relevance |
|----|------|-------------------|
| M4 | Insufficient Input/Output Validation | Injection via deep link parameters |
| M8 | Security Misconfiguration | Unverified App Links, missing scheme validation |
## OWASP MASVS v2.0 - MASVS-PLATFORM
| Control | Test |
|---------|------|
| MASVS-PLATFORM-1 | App validates deep link parameters before processing |
| MASVS-PLATFORM-2 | App does not expose sensitive functionality via URL schemes |
## CWE Mappings
| CWE | Title | Attack Vector |
|-----|-------|--------------|
| CWE-939 | Improper Authorization in Handler for Custom URL Scheme | Scheme hijacking |
| CWE-940 | Improper Verification of Source in URL Scheme Handler | Missing origin validation |
| CWE-79 | Cross-site Scripting | JavaScript injection via WebView deep links |
| CWE-601 | URL Redirection to Untrusted Site | Open redirect via URL parameter |
@@ -0,0 +1,24 @@
# Workflows: Deep Link Vulnerability Testing
## Workflow 1: Deep Link Assessment
```
[Extract Manifest/Plist] --> [Enumerate schemes] --> [Test each deep link]
|
+--------------+--------------+
| | |
[Parameter injection] [Redirect test] [WebView loading]
[SQL/XSS/Path trav] [Open redirect] [JS injection]
| | |
+--------------+--------------+
|
[Link hijacking test]
[App Links verification]
[Report findings]
```
## Decision Matrix
| Scheme Type | Hijacking Risk | Mitigation |
|-------------|---------------|------------|
| Custom (myapp://) | HIGH - any app can register | Validate calling app, use App Links |
| App Links (verified) | LOW - domain verified | Ensure assetlinks.json is correct |
| Universal Links | LOW - domain verified | Ensure AASA file is correct |