Update content to be translated to pt-br

OWASP · Dec 6, 2024 · 85f4afd · 85f4afd
1 parent 1bb590f
commit 85f4afd
Show file tree

Hide file tree

Showing 10 changed files with 127 additions and 17 deletions.
diff --git a/_data/release-pt-br.yaml b/_data/release-pt-br.yaml
@@ -145,6 +145,9 @@ docs:
 - title: '5.3.3 Projeto de Cabeçalhos Seguros OWASP (OSHP)'
   url: implementation/secure_libraries/secure_headers
 
+- title: '5.4 Mobile application weakness enumeration'
+  url: implementation/mas_weakness_enumeration
+
 - title: '6. Verificação'
   url: verification
 

diff --git a/release-pt-br/02-toc.md b/release-pt-br/02-toc.md
@@ -66,6 +66,7 @@ permalink:
 5.3.1 [Enterprise Security API library](#enterprise-security-api-library)  
 5.3.2 [CSRFGuard library](#csrfguard-library)  
 5.3.3 [OWASP Secure Headers Project](#owasp-secure-headers-project)  
+5.4 [Mobile application weakness enumeration](#mobile-application-weakness-enumeration)  
 
 6 **[Verification](#verification)**  
 6.1 [Guides](#verification-guides)  

diff --git a/release-pt-br/05-requirements/06-mas.md b/release-pt-br/05-requirements/06-mas.md
@@ -26,8 +26,8 @@ permalink: /release-pt-br/requirements/mobile_application_security/
 
 ### 3.6 Mobile Application Security
 
-The OWASP [Mobile Application Security][masproject] (MAS) flagship project has the mission statement:
-"Define the industry standard for mobile application security".
+The OWASP [Mobile Application Security][masproject] (MAS) flagship project provides
+industry standards for mobile application security.
 
 The MAS project covers the processes, techniques, and tools used for security testing mobile applications.
 It provides a set of test cases that enables testers to deliver consistent and complete results.
@@ -74,7 +74,7 @@ which can be used as a guide to decide if the category should to be included in
 * OWASP [Mobile Application Security][mas] (MAS)
 * MAS [project][masproject]
 * MAS [Checklist][masc]
-* MAS Verification Standard ([MASVS][masvs])
+* MAS [Verification Standard][masvs] (MASVS)
 * OWASP [Mobile Application Security][csmas] cheat sheet
 
 ----

diff --git a/release-pt-br/06-design/03-mas-checklist.md b/release-pt-br/06-design/03-mas-checklist.md
@@ -26,8 +26,8 @@ permalink: /release-pt-br/design/mas_checklist/
 
 ### 4.3 Mobile application checklist
 
-The OWASP [Mobile Application Security][masproject] (MAS) flagship project has the mission statement:
-"Define the industry standard for mobile application security".
+The OWASP [Mobile Application Security][masproject] (MAS) flagship project provides
+industry standards for mobile application security.
 
 The OWASP MAS project provides the [Mobile Application Security Verification Standard][masvs] (MASVS)
 for mobile applications and a comprehensive [Mobile Application Security Testing Guide][mastg] (MASTG).
@@ -46,6 +46,7 @@ This MAS Checklist is split out into categories that match the MASVS categories:
 * [MASVS-PLATFORM](https://mas.owasp.org/checklists/MASVS-PLATFORM/) interactions with the mobile platform
 * [MASVS-CODE](https://mas.owasp.org/checklists/MASVS-CODE/) platform and data entry points along with third-party software
 * [MASVS-RESILIENCE](https://mas.owasp.org/checklists/MASVS-RESILIENCE/) integrity and running on a trusted platform
+* [MASVS-PRIVACY](https://mas.owasp.org/checklists/MASVS-PRIVACY/) privacy of users, data and resources
 
 In addition to the web links there is a [downloadable spreadsheet][masxls].
 
@@ -69,6 +70,7 @@ This record of test results can be used as evidence for compliance purposes.
 * Mobile Application Security ([MAS][masproject]) project
 * MAS [Checklist][masc]
 * MAS Verification Standard ([MASVS][masvs])
+* MAS Testing Guide ([MASTG][mastg])
 * OWASP [Mobile Application Security][csmas] cheat sheet
 
 ----

diff --git a/release-pt-br/07-implementation/00-toc.md b/release-pt-br/07-implementation/00-toc.md
@@ -51,6 +51,7 @@ Sections:
 5.3.1 [Enterprise Security API library](#enterprise-security-api-library)  
 5.3.2 [CSRFGuard library](#csrfguard-library)  
 5.3.3 [OWASP Secure Headers Project](#owasp-secure-headers-project)  
+5.4 [Mobile application weakness enumeration](#mobile-application-weakness-enumeration)  
 
 ----
 

diff --git a/release-pt-br/07-implementation/04-maswe.md b/release-pt-br/07-implementation/04-maswe.md
@@ -0,0 +1,99 @@
+---
+
+title: MAS Weakness Enumeration
+layout: col-document
+tags: OWASP Developer Guide
+contributors:
+document: OWASP Developer Guide
+order: 27400
+permalink: /release-pt-brimplementation/mas_weakness_enumeration/
+
+---
+
+{% include breadcrumb.html %}
+
+<style type="text/css">
+.image-right {
+  height: 180px;
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+  float: right;
+}
+</style>
+
+![MAS checklist logo](../../../assets/images/logos/mas.png "OWASP MASWE"){: .image-right }
+
+### 5.4 Mobile application weakness enumeration
+
+The OWASP [Mobile Application Security][masproject] (MAS) flagship project provides
+industry standards for mobile application security.
+
+The OWASP [MASWE][maswe] project is one of the tools provided by MAS,
+and provides a list of weaknesses that have been found in various mobile applications.
+
+#### What is the MASWE?
+
+The MAS [Weakness Enumeration][maswe] lists weaknesses, and therefore potential vulnerabilities,
+that have been found in various mobile applications over time.
+
+The MASWE is split out into weakness categories that correspond to the [MASVS][masvs] verification categories:
+
+* [MASVS-STORAGE](https://mas.owasp.org/MASWE/MASVS-STORAGE/MASWE-0001/) sensitive data storage
+* [MASVS-CRYPTO](https://mas.owasp.org/MASWE/MASVS-CRYPTO/MASWE-0009/) cryptography best practices
+* [MASVS-AUTH](https://mas.owasp.org/MASWE/MASVS-AUTH/MASWE-0028/) authentication and authorization mechanisms
+* [MASVS-NETWORK](https://mas.owasp.org/MASWE/MASVS-NETWORK/MASWE-0047/) network communications
+* [MASVS-PLATFORM](https://mas.owasp.org/MASWE/MASVS-PLATFORM/MASWE-0053/) interactions with the mobile platform
+* [MASVS-CODE](https://mas.owasp.org/MASWE/MASVS-CODE/MASWE-0075/) platform and third-party software
+* [MASVS-RESILIENCE](https://mas.owasp.org/MASWE/MASVS-RESILIENCE/MASWE-0089/) integrity and running on a trusted platform
+* [MASVS-PRIVACY](https://mas.owasp.org/MASWE/MASVS-PRIVACY/MASWE-0108/) privacy of users, data and resources
+
+#### Why use it?
+
+Although the MASWE is a relatively new project from 2024, it already provides a common language
+when discussing and categorizing weaknesses found in mobile applications.
+It also provides a list of potential vulnerabilities that should be considered during the design lifecycle
+and when creating or revising security requirements for mobile applications.
+
+The MASWE is a valuable list of what can go wrong with mobile applications along with the activities of malicious actors.
+
+#### How to use it
+
+The Common Weakness Enumeration ([CWE][cwe]), published by Mitre, can be used by security architects
+so they are aware of what weaknesses and potential vulnerabilities that could be present in an application.
+Development teams can use the CWE as a reference to these weaknesses and to help understanding of any mitigations.
+These are just two examples of how the CWE is widely used.
+
+In a similar way the MASWE can be used in the development of mobile applications :
+
+* inform development teams of specific weaknesses
+* identification of security requirements
+* used as a training aid
+* provide categorization of weaknesses
+
+This list is just a starting point; there are many uses for the MASWE.
+
+#### References
+
+* Mobile Application Security ([MAS][masproject]) project
+* MAS Weakness Enumeration ([MASWE][maswe])
+* Mitre Common Weakness Enumeration ([CWE][cwe])
+* MAS Verification Standard ([MASVS][masvs])
+* MAS [Checklist][masc]
+* MAS Testing Guide ([MASTG][mastg])
+
+----
+
+The OWASP Developer Guide is a community effort; if there is something that needs changing
+then [submit an issue][issue0704] or [edit on GitHub][edit0704].
+
+[cwe]: https://cwe.mitre.org/
+[edit0704]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/07-implementation/04-maswe.md
+[issue0704]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2007-implementation/04-maswe
+[masproject]: https://owasp.org/www-project-mobile-app-security/
+[masc]: https://mas.owasp.org/checklists/
+[mastg]: https://mas.owasp.org/MASTG/
+[maswe]: https://mas.owasp.org/MASWE/
+[masvs]: https://mas.owasp.org/MASVS/
+
+\newpage
diff --git a/release-pt-br/07-implementation/toc.md b/release-pt-br/07-implementation/toc.md
@@ -62,6 +62,7 @@ Sections:
 5.3.1 [Enterprise Security API library](03-secure-libraries/01-esapi.md)  
 5.3.2 [CSRFGuard library](03-secure-libraries/02-csrf-guard.md)  
 5.3.3 [OWASP Secure Headers Project](03-secure-libraries/03-secure-headers.md)  
+5.4 [Mobile application weakness enumeration](04-maswe.md) 
 
 ----
 

diff --git a/release-pt-br/09-training-education/01-vulnerable-apps/02-webgoat.md b/release-pt-br/09-training-education/01-vulnerable-apps/02-webgoat.md
@@ -103,13 +103,14 @@ WebWolf provides:
 
 #### Where to go from here?
 
-Try all the WebGoat lessons, they will certainly inform and educate.
-Use WebGoat in demonstrations of your favourite attack chains.
-Exercise available attack tools against WebGoat.
-
 Try out the WebGoat desktop environment by running `docker run -p 127.0.0.1:3000:3000 webgoat/webgoat-desktop`
 and navigating to `http://localhost:3000/`.
 
+* Try the WebGoat lessons, they will certainly inform and educate
+* Exercise available attack tools against WebGoat
+* Use WebGoat in demonstrations of your favourite attack chains
+* Use WebGoat material in presentations on vulnerabilities
+
 There are various ways of configuring WebGoat, see the [github repo][goatgithub] for more details.
 
 #### References

diff --git a/release-pt-br/13-security-gap-analysis/01-guides/03-mas.md b/release-pt-br/13-security-gap-analysis/01-guides/03-mas.md
@@ -26,13 +26,13 @@ permalink: /release-pt-br/security_gap_analysis/guides/mobile_application_securi
 
 ### 11.1.3 Mobile Application Security
 
-The OWASP [Mobile Application Security][masproject] (MAS) flagship project has the mission statement:
-"Define the industry standard for mobile application security".
+The OWASP [Mobile Application Security][masproject] (MAS) flagship project provides
+industry standards for mobile application security.
 
-The MAS project covers the processes, techniques, and tools used for security testing a mobile application,
-as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.
 The OWASP MAS project provides the [Mobile Application Security Verification Standard][masvs] (MASVS)
 for mobile applications that can be used as a guide for security gap analysis.
+The MAS project covers the processes, techniques, and tools used for security testing a mobile application,
+as well as a set of test cases that enables testers to deliver consistent and complete results.
 
 #### What is MASVS?
 
@@ -52,6 +52,7 @@ The security controls are split into several categories:
 * [MASVS-PLATFORM](https://mas.owasp.org/MASVS/09-MASVS-PLATFORM/)
 * [MASVS-CODE](https://mas.owasp.org/MASVS/10-MASVS-CODE/)
 * [MASVS-RESILIENCE](https://mas.owasp.org/MASVS/11-MASVS-RESILIENCE/)
+* [MASVS-PRIVACY](https://mas.owasp.org/MASVS/12-MASVS-PRIVACY/)
 
 #### Why use MASVS?
 
@@ -62,12 +63,12 @@ given that MASVS is the industry standard for mobile applications, so any omissi
 #### How to use MASVS
 
 The MASVS provides a list of expected security controls for mobile applications,
-and this can be used to identify missing or inadequate controls during the gap analysis.
+and can be used to identify missing or inadequate controls during gap analysis.
 These controls can then be tested using the [MAS Testing Guide][mastg].
 
-MASVS can be [accessed online][masvs] and the links followed for the security controls;
-the mobile application can then be inspected for compliance with each control.
-This provides a starting point for a security gap evaluation for any existing controls.
+The MASVS provides a starting point for a security gap evaluation for any existing controls as well as new ones.
+The MASVS can be [accessed online][masvs] and links followed for each security controls;
+the mobile application can then be inspected for compliance with the relevant controls.
 
 #### References
 

diff --git a/release-pt-br/toc.md b/release-pt-br/toc.md
@@ -72,6 +72,7 @@ permalink: /release-pt-br/
 5.3.1 [Enterprise Security API library](07-implementation/03-secure-libraries/01-esapi.md)  
 5.3.2 [CSRFGuard library](07-implementation/03-secure-libraries/02-csrf-guard.md)  
 5.3.3 [OWASP Secure Headers Project](07-implementation/03-secure-libraries/03-secure-headers.md)  
+5.4 [Mobile application weakness enumeration](07-implementation/04-maswe.md)  
 
 6 **[Verification](08-verification/toc.md)**  
 6.1 [Guides](08-verification/01-guides/toc.md)