Rename mitigations to best-practices

Document/index.md

@@ -25,7 +25,7 @@ Start exploring the MASTG:
 <a href="/MASTG/demos/" class="md-button md-button--primary" style="margin: 5px; min-width: 12em; text-align: center;">:material-flask-outline:  Demos</a>
 <a href="/MASTG/tools/" class="md-button md-button--primary" style="margin: 5px; min-width: 12em; text-align: center;">:octicons-tools-24:  Tools</a>
 <a href="/MASTG/apps/" class="md-button md-button--primary" style="margin: 5px; min-width: 12em; text-align: center;">:octicons-code-square-24:  Apps</a>
-<a href="/MASTG/mitigations/" class="md-button md-button--primary" style="margin: 5px; min-width: 12em; text-align: center;">:material-bandage:  Mitigations (v2 Beta)</a>
+<a href="/MASTG/best-practices/" class="md-button md-button--primary" style="margin: 5px; min-width: 12em; text-align: center;">:material-shield-check:  Best Practices (v2 Beta)</a>
 
 <span style="color: darkgray; font-size: small"> :blue_heart:{ .pump } Support the project by purchasing the [OWASP MASTG on leanpub.com](https://leanpub.com/owasp-mastg). All funds raised through sales of this book go directly into the project budget and will be used to for technical editing and designing the book and fund production of future releases.</span>
 

mitigations/MASTG-MITIG-0001.md → best-practices/MASTG-BEST-0001.md

@@ -1,7 +1,7 @@
 ---
-title: Use Secure Random Number Generators APIs
+title: Use Secure Random Number Generator APIs
 alias: android-use-secure-random
-id: MASTG-MITIG-0001
+id: MASTG-BEST-0001
 platform: android
 ---
 

mitigations/MASTG-MITIG-0002.md → best-practices/MASTG-BEST-0002.md

@@ -1,7 +1,7 @@
 ---
 title: Remove Logging Code
 alias: remove-logging-code
-id: MASTG-MITIG-0002
+id: MASTG-BEST-0002
 platform: android
 ---
 

mitigations/MASTG-MITIG-0003.md → best-practices/MASTG-BEST-0003.md

@@ -1,7 +1,7 @@
 ---
 title: Comply with Privacy Regulations and Best Practices
 alias: comply-with-privacy-regulations
-id: MASTG-MITIG-0003
+id: MASTG-BEST-0003
 platform: android
 ---
 

mitigations/MASTG-MITIG-0004.md → best-practices/MASTG-BEST-0004.md

@@ -1,7 +1,7 @@
 ---
 title: Exclude Sensitive Data from Backups
 alias: exclude-sensitive-data-from-backups
-id: MASTG-MITIG-0004
+id: MASTG-BEST-0004
 platform: android
 ---
 

mitigations/MASTG-MITIG-0005.md → best-practices/MASTG-BEST-0005.md

@@ -1,7 +1,7 @@
 ---
 title: Use Secure Encryption Modes
 alias: use-secure-encryption-modes
-id: MASTG-MITIG-0005
+id: MASTG-BEST-0005
 platform: android
 ---
 

mitigations/MASTG-MITIG-0006.md → best-practices/MASTG-BEST-0006.md

@@ -1,7 +1,7 @@
 ---
 title: Use Up-to-Date APK Signing Schemes
 alias: use-up-to-date-apk-signing-schemes
-id: MASTG-MITIG-0006
+id: MASTG-BEST-0006
 platform: android
 ---
 

best-practices/index.md

@@ -0,0 +1,11 @@
+---
+hide: toc
+title: Best Practices (v2 - Beta)
+status: new
+---
+
+??? info "About the MASTG Best Practices"
+
+    The MASTG Best Practices are a collection of specific strategies and practices that can be used to prevent or mitigate security and privacy risks in mobile apps. 
+
+    Each Best Practices is designed to be simple and focused and may apply to one or multiple tests in the MASTG.

demos/index.md

@@ -1,6 +1,6 @@
 ---
 hide: toc
-title: MASTG Demos
+title: MASTG Demos (v2 Beta)
 status: new
 ---
 

docs/hooks/add-cross-references.py

@@ -33,28 +33,28 @@ def generate_cross_references():
     cross_references = {
         "weaknesses": {},
         "tests": {},
-        "mitigations": {}
+        "best-practices": {}
     }
 
     for test_id, test_meta in tests.items():
         weakness_id = test_meta.get("weakness")
         test_path = test_meta.get("path")
         test_title = test_meta.get("title")
         test_platform = test_meta.get("platform")
-        mitigations_ids = test_meta.get("mitigations")
+        best_practices_ids = test_meta.get("best-practices")
 
         # Create cross-references for weaknesses listing all tests that reference each weakness ID
         if weakness_id:
             if weakness_id not in cross_references["weaknesses"]:
                 cross_references["weaknesses"][weakness_id] = []
             cross_references["weaknesses"][weakness_id].append({"id": test_id, "path": test_path, "title": test_title, "platform": test_platform})
 
-        # Create cross-references for mitigations listing all tests that reference each mitigation ID
-        if mitigations_ids:
-            for mitigation_id in mitigations_ids:
-                if mitigation_id not in cross_references["mitigations"]:
-                    cross_references["mitigations"][mitigation_id] = []
-                cross_references["mitigations"][mitigation_id].append({"id": test_id, "path": test_path, "title": test_title, "platform": test_platform})
+        # Create cross-references for best_practices listing all tests that reference each best_practice ID
+        if best_practices_ids:
+            for best_practice_id in best_practices_ids:
+                if best_practice_id not in cross_references["best-practices"]:
+                    cross_references["best-practices"][best_practice_id] = []
+                cross_references["best-practices"][best_practice_id].append({"id": test_id, "path": test_path, "title": test_title, "platform": test_platform})
 
     for demo_id, demo_meta in demos.items():
         test_id = demo_meta.get("test")
@@ -108,6 +108,20 @@ def on_page_markdown(markdown, page, config, **kwargs):
                 markdown += f"\n\n{tests_section}"
 
     if "MASTG-TEST-" in path:
+
+        # Add best_practices section to tests as a bullet point list with IDs, links are resolved in a separate hook
+        # ORIGIN: Test metadata
+
+        best_practices = meta.get('best-practices')
+        if best_practices:
+            best_practices_section = "## Mitigations\n\n"
+            for best_practice_id in best_practices:
+                best_practice_path = f"MASTG/best-practices/{best_practice_id}.md"
+                relPath = os.path.relpath(best_practice_path, os.path.dirname(path))
+                best_practices_section += f"- @{best_practice_id}\n"
+
+            markdown += f"\n\n{best_practices_section}"
+
         test_id = meta.get('id')
 
         # Add Demos section to tests as buttons
@@ -123,35 +137,22 @@ def on_page_markdown(markdown, page, config, **kwargs):
                     demos_section += f"[{get_platform_icon(demo['platform'])} {demo['id']}: {demo['title']}]({relPath}){{: .mas-demo-button}} "
 
                 markdown += f"\n\n{demos_section}"
-
-        # Add Mitigations section to tests as a bullet point list with IDs, links are resolved in a separate hook
-        # ORIGIN: Test metadata
-
-        mitigations = meta.get('mitigations')
-        if mitigations:
-            mitigations_section = "## Mitigations\n\n"
-            for mitigation_id in mitigations:
-                mitigation_path = f"MASTG/mitigations/{mitigation_id}.md"
-                relPath = os.path.relpath(mitigation_path, os.path.dirname(path))
-                mitigations_section += f"- @{mitigation_id}\n"
-
-            markdown += f"\n\n{mitigations_section}"
 
-    if "MASTG-MITIG" in path:
-        mitig_id = meta.get('id')
+    if "MASTG-BEST" in path:
+        best_practice_id = meta.get('id')
 
-        # Add Tests section to mitigations as buttons
+        # Add Tests section to best_practices as buttons
         # ORIGIN: Cross-references from this script
 
-        if mitig_id in cross_references["mitigations"]:
-            mitigations = cross_references["mitigations"].get(mitig_id)
-            meta['mitigations'] = mitigations
-            if mitigations:
-                mitigations_section = "## Tests\n\n"
-                for mitigation in mitigations:
-                    relPath = os.path.relpath(mitigation['path'], os.path.dirname(path))
-                    mitigations_section += f"[{get_platform_icon(mitigation['platform'])} {mitigation['id']}: {mitigation['title']}]({relPath}){{: .mas-test-button}} "
+        if best_practice_id in cross_references["best-practices"]:
+            best_practices = cross_references["best-practices"].get(best_practice_id)
+            meta['best-practices'] = best_practices
+            if best_practices:
+                best_practices_section = "## Tests\n\n"
+                for best_practice in best_practices:
+                    relPath = os.path.relpath(best_practice['path'], os.path.dirname(path))
+                    best_practices_section += f"[{get_platform_icon(best_practice['platform'])} {best_practice['id']}: {best_practice['title']}]({relPath}){{: .mas-test-button}} "
 
-                markdown += f"\n\n{mitigations_section}"
+                markdown += f"\n\n{best_practices_section}"
 
     return markdown

docs/hooks/create_dynamic_tables.py

@@ -263,13 +263,13 @@ def get_all_mitigations_beta():
 
         mitigations = []
 
-        for file in glob.glob("docs/MASTG/mitigations/**/MASTG-MITIG-*.md", recursive=True):
+        for file in glob.glob("docs/MASTG/best-practices/**/MASTG-BEST-*.md", recursive=True):
             with open(file, 'r') as f:
                 content = f.read()
 
                 frontmatter = next(yaml.load_all(content, Loader=yaml.FullLoader))
 
-                frontmatter['path'] = f"/MASTG/mitigations/{os.path.splitext(os.path.relpath(file, 'docs/MASTG/mitigations'))[0]}"
+                frontmatter['path'] = f"/MASTG/best-practices/{os.path.splitext(os.path.relpath(file, 'docs/MASTG/best-practices'))[0]}"
                 mitigation_id = frontmatter['id']
                 frontmatter['id'] = mitigation_id
                 frontmatter['title'] = f"@{mitigation_id}"
@@ -322,7 +322,7 @@ def on_page_markdown(markdown, page, **kwargs):
 
         return append_to_page(markdown, list_of_dicts_to_md_table(demos_beta_columns_reordered, column_titles))
 
-    elif path.endswith("mitigations/index.md"):
+    elif path.endswith("best-practices/index.md"):
         # mitigations-beta/index.md
 
         column_titles = {'id': 'ID', 'title': 'Title', 'platform': "Platform"} 

docs/hooks/maswe-beta-banner.py

@@ -117,7 +117,7 @@ def on_page_markdown(markdown, page, **kwargs):
 
     banners = []
 
-    if any(substring in path for substring in ["MASWE/", "MASTG/tests-beta/", "MASTG/demos/"]):
+    if any(substring in path for substring in ["MASWE/", "MASTG/tests-beta/", "MASTG/demos/", "MASTG/best-practices/"]):
         banners.append(beta_banner)
 
     if "MASWE/" in path and page.meta.get('status') == 'draft':

docs/hooks/resolve_references.py

@@ -7,7 +7,7 @@
 
 log = logging.getLogger('mkdocs')
 
-mapping = {"TECH":{}, "TOOL":{}, "TEST": {}, "APP": {}, "MASWE": {}, "MASVS": {}, "DEMO": {}, "MITIG": {}}
+mapping = {"TECH":{}, "TOOL":{}, "TEST": {}, "APP": {}, "MASWE": {}, "MASVS": {}, "DEMO": {}, "BEST": {}}
 
 @mkdocs.plugins.event_priority(-50)
 def on_page_markdown(markdown, page, config, **kwargs):
@@ -17,7 +17,7 @@ def on_page_markdown(markdown, page, config, **kwargs):
 
     icons_for_text = {key.upper(): f":{value.replace('/', '-')}: " for key, value in icons.items()}
 
-    pageRefs = {"TECH": [], "TOOL": [], "TEST": [], "APP": [], "MASWE": [], "MASVS": [], "DEMO": [], "MITIG": []}
+    pageRefs = {"TECH": [], "TOOL": [], "TEST": [], "APP": [], "MASWE": [], "MASVS": [], "DEMO": [], "BEST": []}
 
     def replaceReference(match):
         refType = match.group(2)
@@ -57,7 +57,7 @@ def replaceReferenceMASVS(match):
         return f"_[{icon}{mapping[refType][match]['title']}]({mapping[refType][match]['file']})_"
 
 
-    updated_markdown = re.sub(r'@(MASTG-(TECH|TOOL|TEST|APP|DEMO|MITIG)-\d{3,})', replaceReference, markdown)
+    updated_markdown = re.sub(r'@(MASTG-(TECH|TOOL|TEST|APP|DEMO|BEST)-\d{3,})', replaceReference, markdown)
     updated_markdown = re.sub(r'@(MASWE-\d{3,})', replaceReferenceMASWE, updated_markdown)
     updated_markdown = re.sub(r'@(MASVS-\w+)', replaceReferenceMASVS, updated_markdown)
 

docs/hooks/update_titles.py

@@ -13,7 +13,7 @@ def set_page_icon(page, config, component_type=None):
 def on_page_markdown(markdown, page, config, **kwargs):
     path = page.file.src_uri
 
-    if any(keyword in path for keyword in ["MASTG-TEST-", "MASTG-TOOL-", "MASTG-TECH-", "MASTG-APP-", "MASTG-DEMO-", "MASTG-MITIG-"]):
+    if any(keyword in path for keyword in ["MASTG-TEST-", "MASTG-TOOL-", "MASTG-TECH-", "MASTG-APP-", "MASTG-DEMO-", "MASTG-BEST-"]):
         # TODO the component ID is the file basename without the extension; ensure that all components have id in the future
         page.meta['id'] = path.split('/')[-1].split('.')[0]
         component_type = page.meta['id'].split('-')[1].lower()

mkdocs.yml

@@ -41,6 +41,9 @@ nav:
         - ... | flat | MASTG/0x05*.md
       - iOS Security Testing: 
         - ... | flat | MASTG/0x06*.md
+      - Best Practices (v2 Beta):
+        - MASTG/best-practices/index.md
+        - ... | flat | MASTG/best-practices/*.md
       - Tests:
         - MASTG/tests/index.md
         - Android:
@@ -86,31 +89,31 @@ nav:
             - ... | flat | MASTG/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-*.md
           # - MASVS-AUTH:
           #   - ... | flat | MASTG/tests-beta/android/MASVS-AUTH/MASTG-TEST-*.md
-          # - MASVS-NETWORK:
-          #   - ... | flat | MASTG/tests-beta/android/MASVS-NETWORK/MASTG-TEST-*.md
+          - MASVS-NETWORK:
+            - ... | flat | MASTG/tests-beta/android/MASVS-NETWORK/MASTG-TEST-*.md
           # - MASVS-PLATFORM:
           #   - ... | flat | MASTG/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-*.md
-          # - MASVS-CODE:
-          #   - ... | flat | MASTG/tests-beta/android/MASVS-CODE/MASTG-TEST-*.md
-          # - MASVS-RESILIENCE:
-          #   - ... | flat | MASTG/tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-*.md
+          - MASVS-CODE:
+            - ... | flat | MASTG/tests-beta/android/MASVS-CODE/MASTG-TEST-*.md
+          - MASVS-RESILIENCE:
+            - ... | flat | MASTG/tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-*.md
           - MASVS-PRIVACY:
             - ... | flat | MASTG/tests-beta/android/MASVS-PRIVACY/MASTG-TEST-*.md
-        # - iOS:
-          # - MASVS-STORAGE:
-          #   - ... | flat | MASTG/tests-beta/ios/MASVS-STORAGE/MASTG-TEST-*.md
-          # - MASVS-CRYPTO:
-          #   - ... | flat | MASTG/tests-beta/ios/MASVS-CRYPTO/MASTG-TEST-*.md
+        - iOS:
+          - MASVS-STORAGE:
+            - ... | flat | MASTG/tests-beta/ios/MASVS-STORAGE/MASTG-TEST-*.md
+          - MASVS-CRYPTO:
+            - ... | flat | MASTG/tests-beta/ios/MASVS-CRYPTO/MASTG-TEST-*.md
           # - MASVS-AUTH:
           #   - ... | flat | MASTG/tests-beta/ios/MASVS-AUTH/MASTG-TEST-*.md
           # - MASVS-NETWORK:
           #   - ... | flat | MASTG/tests-beta/ios/MASVS-NETWORK/MASTG-TEST-*.md
           # - MASVS-PLATFORM:
           #   - ... | flat | MASTG/tests-beta/ios/MASVS-PLATFORM/MASTG-TEST-*.md
-          # - MASVS-CODE:
-          #   - ... | flat | MASTG/tests-beta/ios/MASVS-CODE/MASTG-TEST-*.md
-          # - MASVS-RESILIENCE:
-          #   - ... | flat | MASTG/tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-*.md
+          - MASVS-CODE:
+            - ... | flat | MASTG/tests-beta/ios/MASVS-CODE/MASTG-TEST-*.md
+          - MASVS-RESILIENCE:
+            - ... | flat | MASTG/tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-*.md
           # - MASVS-PRIVACY:
           #   - ... | flat | MASTG/tests-beta/ios/MASVS-PRIVACY/MASTG-TEST-*.md 
       - Demos (v2 Beta):
@@ -132,26 +135,23 @@ nav:
           #   - ... | flat | MASTG/demos/android/MASVS-RESILIENCE/**/MASTG-DEMO-*.md
           - MASVS-PRIVACY:
             - ... | flat | MASTG/demos/android/MASVS-PRIVACY/**/MASTG-DEMO-*.md
-        # - iOS:
-        #   - MASVS-STORAGE:
-        #     - ... | flat | MASTG/demos/ios/MASVS-STORAGE/**/MASTG-DEMO-*.md
-        #   - MASVS-CRYPTO:
-        #     - ... | flat | MASTG/demos/ios/MASVS-CRYPTO/**/MASTG-DEMO-*.md
-        #   - MASVS-AUTH:
-        #     - ... | flat | MASTG/demos/ios/MASVS-AUTH/**/MASTG-DEMO-*.md
-        #   - MASVS-NETWORK:
-        #     - ... | flat | MASTG/demos/ios/MASVS-NETWORK/**/MASTG-DEMO-*.md
-        #   - MASVS-PLATFORM:
-        #     - ... | flat | MASTG/demos/ios/MASVS-PLATFORM/**/MASTG-DEMO-*.md
-        #   - MASVS-CODE:
-        #     - ... | flat | MASTG/demos/ios/MASVS-CODE/**/MASTG-DEMO-*.md
-        #   - MASVS-RESILIENCE:
-        #     - ... | flat | MASTG/demos/ios/MASVS-RESILIENCE/**/MASTG-DEMO-*.md
-        #   - MASVS-PRIVACY:
-        #     - ... | flat | MASTG/demos/ios/MASVS-PRIVACY/**/MASTG-DEMO-*.md
-      - Mitigations:
-        - MASTG/mitigations/index.md
-        - ... | flat | MASTG/mitigations/*.md
+        - iOS:
+          - MASVS-STORAGE:
+            - ... | flat | MASTG/demos/ios/MASVS-STORAGE/**/MASTG-DEMO-*.md
+          - MASVS-CRYPTO:
+            - ... | flat | MASTG/demos/ios/MASVS-CRYPTO/**/MASTG-DEMO-*.md
+          # - MASVS-AUTH:
+          #   - ... | flat | MASTG/demos/ios/MASVS-AUTH/**/MASTG-DEMO-*.md
+          # - MASVS-NETWORK:
+          #   - ... | flat | MASTG/demos/ios/MASVS-NETWORK/**/MASTG-DEMO-*.md
+          # - MASVS-PLATFORM:
+          #   - ... | flat | MASTG/demos/ios/MASVS-PLATFORM/**/MASTG-DEMO-*.md
+          # - MASVS-CODE:
+          #   - ... | flat | MASTG/demos/ios/MASVS-CODE/**/MASTG-DEMO-*.md
+          # - MASVS-RESILIENCE:
+          #   - ... | flat | MASTG/demos/ios/MASVS-RESILIENCE/**/MASTG-DEMO-*.md
+          # - MASVS-PRIVACY:
+          #   - ... | flat | MASTG/demos/ios/MASVS-PRIVACY/**/MASTG-DEMO-*.md
       - Techniques:
         - MASTG/techniques/index.md
         - Generic:
@@ -252,7 +252,7 @@ theme:
       app: octicons/code-square-24
       demo: material/flask-outline
       tech: material/magic-staff # fontawesome/solid/wand-magic-sparkles
-      mitig: material/bandage
+      best: material/shield-check
       maswe: octicons/shield-24
       masvs: simple/owasp
   features:
@@ -378,7 +378,7 @@ extra:
     tech: tech
     maswe: maswe
     masvs: masvs
-    mitig: mitig
+    best: best
   status:
     draft: This page is in draft.
     new: New in this beta!