mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-13 19:05:17 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
# Standards Reference: Deep Link Vulnerabilities
|
||||
|
||||
## OWASP Mobile Top 10 2024
|
||||
| ID | Risk | Deep Link Relevance |
|
||||
|----|------|-------------------|
|
||||
| M4 | Insufficient Input/Output Validation | Injection via deep link parameters |
|
||||
| M8 | Security Misconfiguration | Unverified App Links, missing scheme validation |
|
||||
|
||||
## OWASP MASVS v2.0 - MASVS-PLATFORM
|
||||
| Control | Test |
|
||||
|---------|------|
|
||||
| MASVS-PLATFORM-1 | App validates deep link parameters before processing |
|
||||
| MASVS-PLATFORM-2 | App does not expose sensitive functionality via URL schemes |
|
||||
|
||||
## CWE Mappings
|
||||
| CWE | Title | Attack Vector |
|
||||
|-----|-------|--------------|
|
||||
| CWE-939 | Improper Authorization in Handler for Custom URL Scheme | Scheme hijacking |
|
||||
| CWE-940 | Improper Verification of Source in URL Scheme Handler | Missing origin validation |
|
||||
| CWE-79 | Cross-site Scripting | JavaScript injection via WebView deep links |
|
||||
| CWE-601 | URL Redirection to Untrusted Site | Open redirect via URL parameter |
|
||||
@@ -0,0 +1,24 @@
|
||||
# Workflows: Deep Link Vulnerability Testing
|
||||
|
||||
## Workflow 1: Deep Link Assessment
|
||||
```
|
||||
[Extract Manifest/Plist] --> [Enumerate schemes] --> [Test each deep link]
|
||||
|
|
||||
+--------------+--------------+
|
||||
| | |
|
||||
[Parameter injection] [Redirect test] [WebView loading]
|
||||
[SQL/XSS/Path trav] [Open redirect] [JS injection]
|
||||
| | |
|
||||
+--------------+--------------+
|
||||
|
|
||||
[Link hijacking test]
|
||||
[App Links verification]
|
||||
[Report findings]
|
||||
```
|
||||
|
||||
## Decision Matrix
|
||||
| Scheme Type | Hijacking Risk | Mitigation |
|
||||
|-------------|---------------|------------|
|
||||
| Custom (myapp://) | HIGH - any app can register | Validate calling app, use App Links |
|
||||
| App Links (verified) | LOW - domain verified | Ensure assetlinks.json is correct |
|
||||
| Universal Links | LOW - domain verified | Ensure AASA file is correct |
|
||||
Reference in New Issue
Block a user