Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,44 @@
# Standards Reference: Android Static Analysis with MobSF
## OWASP Mobile Top 10 2024 Mapping
| OWASP ID | Risk | MobSF Coverage |
|----------|------|----------------|
| M1 | Improper Credential Usage | Detects hardcoded API keys, passwords, tokens in source code and resources |
| M2 | Inadequate Supply Chain Security | Identifies third-party library versions with known CVEs |
| M5 | Insecure Communication | Flags missing certificate pinning, cleartext traffic, weak TLS |
| M7 | Insufficient Binary Protections | Checks ProGuard/R8 obfuscation, native binary protections |
| M8 | Security Misconfiguration | Analyzes AndroidManifest.xml for exported components, debug flags, backup settings |
| M9 | Insecure Data Storage | Detects SharedPreferences misuse, world-readable files, SQLite without encryption |
| M10 | Insufficient Cryptography | Identifies ECB mode, static IV, hardcoded encryption keys, weak algorithms |
## OWASP MASVS v2.0 Control Mapping
| MASVS Category | Controls | MobSF Static Checks |
|----------------|----------|---------------------|
| MASVS-STORAGE | Sensitive data storage | SharedPreferences analysis, file permission checks, database encryption |
| MASVS-CRYPTO | Cryptographic implementations | Algorithm strength, key management, IV randomness |
| MASVS-AUTH | Authentication mechanisms | Credential storage, biometric implementation review |
| MASVS-NETWORK | Network security | Network security config, certificate pinning, cleartext detection |
| MASVS-PLATFORM | Platform interaction | Intent filter analysis, content provider security, WebView configuration |
| MASVS-CODE | Code quality | Code obfuscation, debug symbols, error handling |
| MASVS-RESILIENCE | Reverse engineering resistance | Root detection, tamper detection, debugger detection |
## NIST SP 800-163 Rev 1: Vetting the Security of Mobile Applications
- Section 4.1: Static analysis as mandatory step in mobile app vetting process
- Section 4.2: Automated tools should check for known vulnerability patterns
- Section 5: Integration of vetting into enterprise mobile device management
## CWE Mappings for Common MobSF Findings
| CWE ID | Title | MobSF Finding Category |
|--------|-------|----------------------|
| CWE-312 | Cleartext Storage of Sensitive Information | Hardcoded credentials in source |
| CWE-319 | Cleartext Transmission of Sensitive Information | Missing HTTPS enforcement |
| CWE-327 | Use of Broken Cryptographic Algorithm | Weak crypto detection |
| CWE-330 | Use of Insufficiently Random Values | Static IV, predictable random |
| CWE-532 | Insertion of Sensitive Information into Log File | Logging sensitive data |
| CWE-749 | Exposed Dangerous Method or Function | Exported components without guards |
| CWE-919 | Weaknesses in Mobile Applications | General mobile-specific checks |
| CWE-925 | Improper Verification of Intent by Broadcast Receiver | Unprotected broadcast receivers |
@@ -0,0 +1,70 @@
# Workflows: Android Static Analysis with MobSF
## Workflow 1: Standalone APK Assessment
```
[Obtain APK] --> [Deploy MobSF Docker] --> [Upload via API] --> [Run Static Scan]
| |
v v
[Verify APK integrity] [Review Manifest Analysis]
[Check signing certificate] [Review Code Analysis]
[Review Binary Analysis]
[Review Network Analysis]
|
v
[Triage HIGH/CRITICAL findings]
[Validate false positives]
[Generate PDF report]
```
## Workflow 2: CI/CD Pipeline Integration
```
[Developer pushes code] --> [Build APK] --> [Upload to MobSF] --> [Static Scan]
|
+-----------+-----------+
| |
[Score >= 60] [Score < 60]
| |
[Pass gate] [Fail build]
[Archive report] [Notify developer]
[Continue pipeline] [Block deployment]
```
## Workflow 3: Third-Party App Vetting
```
[Receive third-party APK] --> [MobSF Static Scan] --> [Automated scoring]
|
v
[Manual review of:]
- Excessive permissions
- Data exfiltration indicators
- Known malware signatures
- C2 communication patterns
|
v
[Risk assessment report]
[Approve/Reject for enterprise use]
```
## Workflow 4: Comparative Analysis Across Versions
```
[APK v1.0] --> [MobSF Scan] --> [Baseline report]
|
[APK v2.0] --> [MobSF Scan] --> [Compare findings] --> [New vulnerabilities introduced?]
| |
v [Yes: Block release]
[Regression report] [No: Approve release]
```
## Decision Matrix: When to Escalate
| Finding Severity | MobSF Category | Action |
|-----------------|----------------|--------|
| CRITICAL | Hardcoded production API keys | Immediate key rotation, block release |
| HIGH | Exported activity with sensitive data | Manual verification, fix before release |
| MEDIUM | Missing certificate pinning | Add to sprint backlog, risk acceptance if internal app |
| LOW | Debug logging of non-sensitive data | Track in issue tracker, fix in next release |
| INFO | Missing ProGuard rules | Recommend but do not block |