Rename MSTG to MASTG & link to New Website (#2195)

* mstg -> mastg

* lint and link fixes

.github/ISSUE_TEMPLATE/bug-report-app.yml

@@ -23,7 +23,7 @@ body:
     id: where
     attributes:
       label: App Name
-      description: Name of crackme or challenge app that is broken. See all apps [here](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes).
+      description: Name of crackme or challenge app that is broken. See all apps [here](https://github.com/OWASP/owasp-mastg/tree/master/Crackmes).
       placeholder: e.g. UnCrackable App for Android Level 1
     validations:
       required: true

.github/workflows/docgenerator.yml

@@ -21,7 +21,7 @@ jobs:
         fetch-depth: 1
 
     - name: Set VERSION to env 
-      run: echo "VERSION=$(curl  "https://api.github.com/repos/OWASP/owasp-mstg/tags" | jq -r '.[0].name')" >> $GITHUB_ENV
+      run: echo "VERSION=$(curl  "https://api.github.com/repos/OWASP/owasp-mastg/tags" | jq -r '.[0].name')" >> $GITHUB_ENV
 
     - name: Set DEV VERSION if it's not a tag
       if: ${{ !startsWith(github.ref, 'refs/tags/') }}
@@ -50,7 +50,7 @@ jobs:
 
     - name: Set MASTG_VERSION to env 
       # run: echo "MASTG_VERSION=$(git describe --tags `git rev-list --tags --max-count=1`)" >> $GITHUB_ENV
-      run: echo "MASTG_VERSION=$(curl -s https://api.github.com/repos/OWASP/owasp-mstg/tags | jq '.[0].name' | sed 's/\"//g')" >> $GITHUB_ENV
+      run: echo "MASTG_VERSION=$(curl -s https://api.github.com/repos/OWASP/owasp-mastg/tags | jq '.[0].name' | sed 's/\"//g')" >> $GITHUB_ENV
 
     - name: Set DEV VERSION if it's not a tag
       if: ${{ !startsWith(github.ref, 'refs/tags/') }}

CHANGELOG.md

@@ -2,18 +2,18 @@
 
 ## V1.2.1 and newer
 
-All our Changelogs are available online at the OWASP MSTG GitHub repository, see the [Releases page](https://github.com/OWASP/owasp-mstg/releases).
+All our Changelogs are available online at the OWASP MSTG GitHub repository, see the [Releases page](https://github.com/OWASP/owasp-mastg/releases).
 
 ## v1.2 - 25th July 2021
 
-167 issues were closed since the last release. A full overview can be seen in Github Issues <https://github.com/OWASP/owasp-mstg/issues?q=is%3Aissue+is%3Aclosed+closed%3A2019-08-03..2021-07-25>.
+167 issues were closed since the last release. A full overview can be seen in Github Issues <https://github.com/OWASP/owasp-mastg/issues?q=is%3Aissue+is%3Aclosed+closed%3A2019-08-03..2021-07-25>.
 
-326 pull requests were merged since the last release. A full overview can be seen in Github Pull Requests <https://github.com/OWASP/owasp-mstg/pulls?q=is%3Apr+is%3Aclosed+closed%3A2019-08-03..2021-07-25>
+326 pull requests were merged since the last release. A full overview can be seen in Github Pull Requests <https://github.com/OWASP/owasp-mastg/pulls?q=is%3Apr+is%3Aclosed+closed%3A2019-08-03..2021-07-25>
 
 Major changes include:
 
 - Migrating the new document build pipeline from MASVS to MSTG. This allows us to build consistently the whole OWASP MSTG documents (PDF, docx etc.) in minutes, without any manual work.
-- Besides numerous changes for the test cases we have a new Crackme - Android Level 4 <https://github.com/OWASP/owasp-mstg/tree/master/Crackmes/Android/Level_04> and also new write-ups for the Crackmes.
+- Besides numerous changes for the test cases we have a new Crackme - Android Level 4 <https://github.com/OWASP/owasp-mastg/tree/master/Crackmes/Android/Level_04> and also new write-ups for the Crackmes.
 - We removed all references to Needle and IDB tool, as both tools are outdated.
 - References of OWASP Mobile Top 10 and MSTG-IDs are completely moved to MASVS
 - Reworking of information gathering (static analysis) for Android Apps

CITATION.cff

@@ -27,7 +27,7 @@ keywords:
   - "mobile pentesting"
 license: "CC-BY-SA-4.0"
 message: "If you use the MASTG, please cite it using these metadata."
-repository-code: "https://github.com/OWASP/owasp-mstg/"
+repository-code: "https://github.com/OWASP/owasp-mastg/"
 title: "OWASP Mobile Application Security Testing Guide"
 version: "1.2"
 ...

Crackmes/README.md

@@ -194,8 +194,8 @@ Note: The IPA is signed with an Enterprise distribution certificate. You'll need
 
 ## MASTG Hacking Playground
 
-Did you enjoy working with the Crackmes? There is more! Go to [the MASTG Hacking Playground](https://github.com/OWASP/MSTG-Hacking-Playground "MASTG-playground") and find out!
+Did you enjoy working with the Crackmes? There is more! Go to [the MASTG Hacking Playground](https://github.com/OWASP/MASTG-Hacking-Playground "MASTG-playground") and find out!
 
 ## Issues with the Crackmes
 
-If the app does not boot, or if there is another bug: file an issue at this repository or at [the one you should not go to (SPOILER ALERT!)](https://github.com/OWASP/mstg-crackmes "OWASP MASTG Crackmes").
+If the app does not boot, or if there is another bug: file an issue at this repository or at [the one you should not go to (SPOILER ALERT!)](https://github.com/OWASP/mastg-crackmes "OWASP MASTG Crackmes").

Document/0x01-Foreword.md

@@ -4,7 +4,7 @@ Welcome to the OWASP Mobile Security Testing Guide. Feel free to explore the exi
 
 If you have feedback or suggestions, or want to contribute, create an issue on GitHub or ping us on Slack. See the README for instructions:
 
-<https://github.com/OWASP/owasp-mstg/>
+<https://github.com/OWASP/owasp-mastg/>
 
 **squirrel (noun plural): Any arboreal sciurine rodent of the genus Sciurus, such as S. vulgaris (red squirrel) or S. carolinensis (grey squirrel), having a bushy tail and feeding on nuts, seeds, etc.**
 

Document/0x02a-Frontispiece.md

@@ -22,7 +22,7 @@ The OWASP MASVS and MASTG are trusted by the following platform providers and st
 
 ## 🥇 MAS Advocates
 
-MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. [Learn more](0x02c-Acknowledgements.md#our-mstg-advocates).
+MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. [Learn more](0x02c-Acknowledgements.md#our-mastg-advocates).
 
 <a href="0x02c-Acknowledgements.md#our-mastg-advocates">
 <img src="Images/Other/nowsecure-logo.png" width="200px;"/>
@@ -34,7 +34,7 @@ MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invest
 
 Please consult the laws in your country before executing any tests against mobile apps by utilizing the MASTG materials. Refrain from violating the laws with anything described in the MASTG.
 
-Our [Code of Conduct](https://github.com/OWASP/owasp-mstg/blob/master/CODE_OF_CONDUCT.md) has further details.
+Our [Code of Conduct](https://github.com/OWASP/owasp-mastg/blob/master/CODE_OF_CONDUCT.md) has further details.
 
 ## Copyright and License
 

Document/0x02c-Acknowledgements.md

@@ -79,7 +79,7 @@ If you'd like to apply please contact the project leaders by sending an email to
 
 **High-impact Contributions (time/dedicated resources):**
 
-- [Content PRs](https://github.com/OWASP/owasp-mstg/pulls?q=is%3Apr+%22%28by+%40NowSecure%29%22)
+- [Content PRs](https://github.com/OWASP/owasp-mastg/pulls?q=is%3Apr+%22%28by+%40NowSecure%29%22)
 - Technical Reviews for PRs
 - Participation in GitHub Discussions
 
@@ -109,7 +109,7 @@ In the past, NowSecure has also contributed to the project, has sponsored it bec
 
 ## Contributors
 
-**Note**: This contributor table is generated based on our [GitHub contribution statistics](https://github.com/OWASP/owasp-mstg/graphs/contributors "GitHub contribution statistics"). For more information on these stats, see the [GitHub Repository README](https://github.com/OWASP/owasp-mstg/blob/master/README.md "GitHub Repository README"). We manually update the table, so be patient if you're not listed immediately.
+**Note**: This contributor table is generated based on our [GitHub contribution statistics](https://github.com/OWASP/owasp-mastg/graphs/contributors "GitHub contribution statistics"). For more information on these stats, see the [GitHub Repository README](https://github.com/OWASP/owasp-mastg/blob/master/README.md "GitHub Repository README"). We manually update the table, so be patient if you're not listed immediately.
 
 ### Top Contributors
 

Document/0x05c-Reverse-Engineering-and-Tampering.md

@@ -88,7 +88,7 @@ It is worth highlighting that analyzing disassembled native code is much more ch
 In the next example we'll reverse the HelloWorld-JNI.apk from the OWASP MASTG repository. Installing and running it in an emulator or Android device is optional.
 
 ```bash
-wget https://github.com/OWASP/owasp-mstg/raw/master/Samples/Android/01_HelloWorld-JNI/HelloWord-JNI.apk
+wget https://github.com/OWASP/owasp-mastg/raw/master/Samples/Android/01_HelloWorld-JNI/HelloWord-JNI.apk
 ```
 
 > This app is not exactly spectacular, all it does is show a label with the text "Hello from C++". This is the app Android generates by default when you create a new project with C/C++ support, which is just enough to show the basic principles of JNI calls.
@@ -508,7 +508,7 @@ The following commands summarize how to patch and start dynamic analysis using o
 
 ```bash
 # Download the Uncrackable APK
-$ wget https://github.com/OWASP/owasp-mstg/master/Crackmes/Android/Level_01/UnCrackable-Level1.apk
+$ wget https://github.com/OWASP/owasp-mastg/master/Crackmes/Android/Level_01/UnCrackable-Level1.apk
 # Patch the APK with the Frida Gadget
 $ objection patchapk --source UnCrackable-Level1.apk
 # Install the patched APK on the android phone
@@ -1833,7 +1833,7 @@ When testing an app, process exploration can provide the tester with deep insigh
 
 As you can see, these passive tasks help us collect information. This Information is often used for other techniques, such as method hooking.
 
-In the following sections you will be using [r2frida](0x08a-Testing-Tools.md#r2frida) to retrieve information straight from the app runtime. Please refer to [r2frida's official installation instructions](https://github.com/nowsecure/r2frida/blob/master/README.md#installation "r2frida installation instructions"). First start by opening an r2frida session to the target app (e.g. [HelloWorld JNI](https://github.com/OWASP/owasp-mstg/raw/master/Samples/Android/01_HelloWorld-JNI/HelloWord-JNI.apk "HelloWorld JNI") APK) that should be running on your Android phone (connected per USB). Use the following command:
+In the following sections you will be using [r2frida](0x08a-Testing-Tools.md#r2frida) to retrieve information straight from the app runtime. Please refer to [r2frida's official installation instructions](https://github.com/nowsecure/r2frida/blob/master/README.md#installation "r2frida installation instructions"). First start by opening an r2frida session to the target app (e.g. [HelloWorld JNI](https://github.com/OWASP/owasp-mastg/raw/master/Samples/Android/01_HelloWorld-JNI/HelloWord-JNI.apk "HelloWorld JNI") APK) that should be running on your Android phone (connected per USB). Use the following command:
 
 ```bash
 r2 frida://usb//sg.vantagepoint.helloworldjni

Document/0x05g-Testing-Network-Communication.md

@@ -440,7 +440,7 @@ Normally a function is created to check the certificate(s) and return the boolea
 
 In this particular example we are pinning the intermediate CA of the certificate chain. The output of the HTTP response will be available in the system logs.
 
-Sample Xamarin app with the previous example can be obtained on the [MSTG repository](https://github.com/OWASP/owasp-mstg/raw/master/Samples/Android/02_CertificatePinning/certificatePinningXamarin.apk "Xamarin app with certificate pinning")
+Sample Xamarin app with the previous example can be obtained on the [MSTG repository](https://github.com/OWASP/owasp-mastg/raw/master/Samples/Android/02_CertificatePinning/certificatePinningXamarin.apk "Xamarin app with certificate pinning")
 
 After decompressing the APK file, use a .NET decompiler like dotPeak, ILSpy or dnSpy to decompile the app dlls stored inside the 'Assemblies' folder and confirm the usage of the ServicePointManager.
 

Document/0x05h-Testing-Platform-Interaction.md

@@ -594,7 +594,7 @@ Using unverified deep links can cause a significant issue- any other apps instal
 
 In recent versions of Android this results in a so-called _disambiguation dialog_ shown to the user that asks them to select the application that should handle the deep link. The user could make the mistake of choosing a malicious application instead of the legitimate one.
 
-![OWASP_MSTG](https://developer.android.com/training/app-links/images/app-disambiguation_2x.png)
+<img src="https://developer.android.com/training/app-links/images/app-disambiguation_2x.png"/>
 
 #### Android App Links
 

Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md

@@ -591,7 +591,7 @@ public class CodeCheck {
     }
 ```
 
-Please see [different proposed solutions for the Android Crackme Level 2](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes#uncrackable-app-for-android-level-2 "Solutions Android Crackme Level 2") in GitHub.
+Please see [different proposed solutions for the Android Crackme Level 2](https://github.com/OWASP/owasp-mastg/tree/master/Crackmes#uncrackable-app-for-android-level-2 "Solutions Android Crackme Level 2") in GitHub.
 
 ### Effectiveness Assessment
 
@@ -1114,9 +1114,9 @@ You can use [APKiD](0x08a-Testing-Tools.md#apkid) to detect if the app has been
 Example using the [UnCrackable App for Android Level 4](0x08b-Reference-Apps.md#uncrackable-app-for-android-level-4):
 
 ```sh
-apkid owasp-mstg/Crackmes/Android/Level_04/r2pay-v1.0.apk
+apkid owasp-mastg/Crackmes/Android/Level_04/r2pay-v1.0.apk
 [+] APKiD 2.1.2 :: from RedNaga :: rednaga.io
-[*] owasp-mstg/Crackmes/Android/Level_04/r2pay-v1.0.apk!classes.dex
+[*] owasp-mastg/Crackmes/Android/Level_04/r2pay-v1.0.apk!classes.dex
  |-> anti_vm : Build.TAGS check, possible ro.secure check
  |-> compiler : r8
  |-> obfuscator : unreadable field names, unreadable method names

Document/0x06c-Reverse-Engineering-and-Tampering.md

@@ -1014,7 +1014,7 @@ script.load()
 sys.stdin.read()
 ```
 
-Start Safari on the iOS device. Run the above Python script on your connected host and open the device log (as explained in the section "Monitoring System Logs" from the chapter "iOS Basic Security Testing"). Try opening a new URL in Safari, e.g. <https://github.com/OWASP/owasp-mstg>; you should see Frida's output in the logs as well as in your terminal.
+Start Safari on the iOS device. Run the above Python script on your connected host and open the device log (as explained in the section "Monitoring System Logs" from the chapter "iOS Basic Security Testing"). Try opening a new URL in Safari, e.g. <https://github.com/OWASP/owasp-mastg>; you should see Frida's output in the logs as well as in your terminal.
 
 <img src="Images/Chapters/0x06c/frida-xcode-log.png" width="100%" />
 

Document/0x06i-Testing-Code-Quality-and-Build-Settings.md

@@ -490,7 +490,7 @@ enum RequestError: Error {
 }
 
 func getMSTGInfo() {
-    guard let url = URL(string: "https://github.com/OWASP/owasp-mstg/master/book.json") else {
+    guard let url = URL(string: "https://github.com/OWASP/owasp-mastg/master/book.json") else {
         return
     }
 

Document/0x08a-Testing-Tools.md

@@ -1415,7 +1415,7 @@ cy# a.delegate
 Let's try to trigger an alert message on SpringBoard with Cycript.
 
 ```bash
-cy# alertView = [[UIAlertView alloc] initWithTitle:@"OWASP MSTG" message:@"Mobile Security Testing Guide"  delegate:nil cancelButtonitle:@"OK" otherButtonTitles:nil]
+cy# alertView = [[UIAlertView alloc] initWithTitle:@"OWASP MASTG" message:@"Mobile Application Security Testing Guide"  delegate:nil cancelButtonitle:@"OK" otherButtonTitles:nil]
 #"<UIAlertView: 0x1645c550; frame = (0 0; 0 0); layer = <CALayer: 0x164df160>>"
 cy# [alertView show]
 cy# [alertView release]

Document/0x08b-Reference-Apps.md

@@ -6,27 +6,27 @@ The applications listed below can be used as training materials. Note: only the
 
 ### Android Crackmes
 
-A set of apps to test your Android application hacking skills - <https://github.com/OWASP/owasp-mstg/tree/master/Crackmes>
+A set of apps to test your Android application hacking skills - <https://github.com/OWASP/owasp-mastg/tree/master/Crackmes>
 
 #### UnCrackable App for Android Level 1
 
-Available at <https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level_01>
+Available at <https://github.com/OWASP/owasp-mastg/blob/master/Crackmes/Android/Level_01>
 
 #### UnCrackable App for Android Level 2
 
-Available at <https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level_02>
+Available at <https://github.com/OWASP/owasp-mastg/blob/master/Crackmes/Android/Level_02>
 
 #### UnCrackable App for Android Level 3
 
-Available at <https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level_03>
+Available at <https://github.com/OWASP/owasp-mastg/blob/master/Crackmes/Android/Level_03>
 
 #### UnCrackable App for Android Level 4
 
-Available at <https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level_04>
+Available at <https://github.com/OWASP/owasp-mastg/blob/master/Crackmes/Android/Level_04>
 
 #### Android License Validator
 
-Available at <https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/License_01>
+Available at <https://github.com/OWASP/owasp-mastg/blob/master/Crackmes/Android/License_01>
 
 ### AndroGoat
 
@@ -58,25 +58,25 @@ A vulnerable Android app with vulnerabilities similar to the test cases describe
 
 #### MASTG Hacking Playground (Java)
 
-Available at <https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/MSTG-Android-Java-App>
+Available at <https://github.com/OWASP/MASTG-Hacking-Playground/tree/master/Android/MSTG-Android-Java-App>
 
 ### MASTG Hacking Playground (Kotlin)
 
-Available at <https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/MSTG-Android-Kotlin-App>
+Available at <https://github.com/OWASP/MASTG-Hacking-Playground/tree/master/Android/MSTG-Android-Kotlin-App>
 
 ## iOS
 
 ### iOS Crackmes
 
-A set of applications to test your iOS application hacking skills - <https://github.com/OWASP/owasp-mstg/tree/master/Crackmes>
+A set of applications to test your iOS application hacking skills - <https://github.com/OWASP/owasp-mastg/tree/master/Crackmes>
 
 #### UnCrackable App for iOS Level 1
 
-Available at <https://github.com/OWASP/owasp-mstg/tree/master/Crackmes/iOS/Level_01>
+Available at <https://github.com/OWASP/owasp-mastg/tree/master/Crackmes/iOS/Level_01>
 
 #### UnCrackable App for iOS Level 2
 
-Available at  <https://github.com/OWASP/owasp-mstg/tree/master/Crackmes/iOS/Level_02>
+Available at  <https://github.com/OWASP/owasp-mastg/tree/master/Crackmes/iOS/Level_02>
 
 ### Myriam
 

Document/CHANGELOG.md

@@ -2,18 +2,18 @@
 
 ## V1.2.1 and newer
 
-All our Changelogs are available online at the OWASP MSTG GitHub repository, see the [Releases page](https://github.com/OWASP/owasp-mstg/releases).
+All our Changelogs are available online at the OWASP MSTG GitHub repository, see the [Releases page](https://github.com/OWASP/owasp-mastg/releases).
 
 ## v1.2 - 25th July 2021
 
-167 issues were closed since the last release. A full overview can be seen in Github Issues <https://github.com/OWASP/owasp-mstg/issues?q=is%3Aissue+is%3Aclosed+closed%3A2019-08-03..2021-07-25>.
+167 issues were closed since the last release. A full overview can be seen in Github Issues <https://github.com/OWASP/owasp-mastg/issues?q=is%3Aissue+is%3Aclosed+closed%3A2019-08-03..2021-07-25>.
 
-326 pull requests were merged since the last release. A full overview can be seen in Github Pull Requests <https://github.com/OWASP/owasp-mstg/pulls?q=is%3Apr+is%3Aclosed+closed%3A2019-08-03..2021-07-25>
+326 pull requests were merged since the last release. A full overview can be seen in Github Pull Requests <https://github.com/OWASP/owasp-mastg/pulls?q=is%3Apr+is%3Aclosed+closed%3A2019-08-03..2021-07-25>
 
 Major changes include:
 
 - Migrating the new document build pipeline from MASVS to MSTG. This allows us to build consistently the whole OWASP MSTG documents (PDF, docx etc.) in minutes, without any manual work.
-- Besides numerous changes for the test cases we have a new Crackme - Android Level 4 <https://github.com/OWASP/owasp-mstg/tree/master/Crackmes/Android/Level_04> and also new write-ups for the Crackmes.
+- Besides numerous changes for the test cases we have a new Crackme - Android Level 4 <https://github.com/OWASP/owasp-mastg/tree/master/Crackmes/Android/Level_04> and also new write-ups for the Crackmes.
 - We removed all references to Needle and IDB tool, as both tools are outdated.
 - References of OWASP Mobile Top 10 and MSTG-IDs are completely moved to MASVS
 - Reworking of information gathering (static analysis) for Android Apps