This is the official GitHub Repository of the OWASP Mobile Security Testing Guide (MSTG). The MSTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS).

Respuesta sobre asegurar aplicaciones mobiles que usan APIs

Ventajas de usar una VPN para usar productos de Google

This is the main web site for my free book, the Secure Programming HOWTO (previously titled Secure Programming for Linux and Unix HOWTO and Secure Programming for Linux HOWTO). This book provides a set of design and implementation guidelines for writing secure programs. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95. I give this book away in the hope that future software developers won't repeat past mistakes, resulting in more secure systems.

Ofuscación sin concer el código fuente

Obfuscapk is an open-source automatic obfuscation tool for Android apps that works in a black-box fashion (i.e., it does not need the app source code). Obfuscapk supports advanced obfuscation features and has a modular architecture that could be straightforwardly extended to support new obfuscation techniques. This paper introduces the architecture, the main obfuscation techniques implemented in Obfuscapk, as well as the basics of the Obfuscapk CLI. Finally, the paper discusses an actual use-case for Obfuscapk, and an empirical assessment on the reliability of the tool on a set of 1000 “most downloaded” APKs from the Google Play Store.