mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-14 15:04:56 +03:00
23 lines
1022 B
Markdown
# Standards Reference: Android Intent Vulnerabilities

## OWASP Mobile Top 10 2024

| ID | Risk | Intent Relevance |
|----|------|-----------------|
| M4 | Insufficient Input/Output Validation | Intent parameter injection |
| M8 | Security Misconfiguration | Exported components without permission guards |

## OWASP MASVS v2.0 - MASVS-PLATFORM

| Control | Test |
|---------|------|
| MASVS-PLATFORM-1 | Verify exported components require appropriate permissions |
| MASVS-PLATFORM-2 | Verify intent data is validated before processing |

## CWE Mappings

| CWE | Title | Vector |
|-----|-------|--------|
| CWE-926 | Improper Export of Android Application Components | Exported without permission |
| CWE-927 | Use of Implicit Intent for Sensitive Communication | Sensitive data in implicit intents |
| CWE-925 | Improper Verification of Intent by Broadcast Receiver | Missing sender verification |
| CWE-89 | SQL Injection | Content provider query injection |
| CWE-22 | Path Traversal | Content provider path traversal |