OWASP · jeel38 · Dec 16, 2024 · cpholguera · Dec 18, 2024 · cpholguera
diff --git a/tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x82.md b/tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x82.md
@@ -0,0 +1,24 @@
+---
+platform: ios
+title: Testing Whether the App is Debuggable
+id: MASTG-TEST-0x82
+type: [static, dynamic]
+weakness: MASWE-0101
+---
+
+## Overview
+
+The test evaluates whether an iOS application is configured to allow debugging. If an app is debuggable, attackers can leverage debugging tools to reverse-engineer the application, analyse its runtime behaviour, and potentially compromise sensitive data or functionality.
-The test evaluates whether an iOS application is configured to allow debugging. If an app is debuggable, attackers can leverage debugging tools to reverse-engineer the application, analyse its runtime behaviour, and potentially compromise sensitive data or functionality.
+The test evaluates whether an iOS application is configured to allow debugging. If an app is debuggable, attackers can leverage debugging tools (see @MASTG-TECH-0084) to analyse the runtime behaviour of the app, and potentially compromise sensitive data or functionality.
-The test evaluates whether an iOS application is configured to allow debugging. If an app is debuggable, attackers can leverage debugging tools to reverse-engineer the application, analyse its runtime behaviour, and potentially compromise sensitive data or functionality.
+The test evaluates whether an iOS application is configured to allow debugging. If an app is debuggable, attackers can leverage debugging tools (see @MASTG-TECH-0084) to analyse the runtime behaviour of the app, and potentially compromise sensitive data or functionality.
+
+## Steps
+
+1. Run a static analysis using @MASTG-TOOL-0111 to extract entitlements from the binary to check the value of the `get-task-allow` key and is set to `true`.
-1. Run a static analysis using @MASTG-TOOL-0111 to extract entitlements from the binary to check the value of the `get-task-allow` key and is set to `true`.
+1. Use @MASTG-TECH-0111 to extract entitlements from the binary and obtain the value of the `get-task-allow` key.
-1. Run a static analysis using @MASTG-TOOL-0111 to extract entitlements from the binary to check the value of the `get-task-allow` key and is set to `true`.
+1. Use @MASTG-TECH-0111 to extract entitlements from the binary and obtain the value of the `get-task-allow` key.
+2. Run a [dynamic analysis](../../../techniques/ios/MASTG-TECH-0084.md) using @MASTG-TOOL-0057.
+
+## Observation
+
+The entitlement get-task-allow is false, and anti-reverse engineering measures prevent debugger attachment attempts.
-The entitlement get-task-allow is false, and anti-reverse engineering measures prevent debugger attachment attempts.
+The output contains the value of the `get-task-allow` entitlement.
-The entitlement get-task-allow is false, and anti-reverse engineering measures prevent debugger attachment attempts.
+The output contains the value of the `get-task-allow` entitlement.
+
+## Evaluation
+
+The test fails as the entitlement get-task-allow is true, allowing debugger attachment.
-The test fails as the entitlement get-task-allow is true, allowing debugger attachment.
+The test fails if the `get-task-allow` entitlement is `true`.
-The test fails as the entitlement get-task-allow is true, allowing debugger attachment.
+The test fails if the `get-task-allow` entitlement is `true`.
diff --git a/tests/ios/MASVS-RESILIENCE/MASTG-TEST-0082.md b/tests/ios/MASVS-RESILIENCE/MASTG-TEST-0082.md
@@ -7,6 +7,9 @@ platform: ios
 title: Testing whether the App is Debuggable
 masvs_v1_levels:
 - R
+status: deprecated
+covered_by: [MASTG-TEST-0x82]
+deprecation_note: New version available in MASTG V2
 ---
 
 ## Overview