OWASP · cpholguera · Aug 18, 2022 · Aug 14, 2022 · Aug 18, 2022 · Aug 18, 2022
diff --git a/.github/ISSUE_TEMPLATE/make-donation.yml b/.github/ISSUE_TEMPLATE/make-donation.yml
@@ -66,7 +66,7 @@ body:
     id: paperback
     attributes:
       label: 📘 MSTG Paperback Copies
-      description: Would you like to receive the paperback copie(s) of the MSTG as indicated in your Donation Package?
+      description: Would you like to receive the paperback copies of the MSTG as indicated in your Donation Package?
       options:
         - 🌱 No, please save the money for the project and help the environment and climate.
         - 📮 Yes, please send them to me.

diff --git a/.github/workflows/spell-checker.yml b/.github/workflows/spell-checker.yml
@@ -14,4 +14,5 @@ jobs:
       - uses: actions/checkout@v2
       - uses: codespell-project/actions-codespell@master
         with:
-          ignore_words_list: ba,compliancy,firt,ist,keypair,ligh,ser,synopsys,theses,zuser
+          ignore_words_list: "ba,bund,compliancy,firt,ist,keypair,ligh,ro,ser,synopsys,theses,zuser"
+          skip: "*.json,*.yml,*.apk,*.ipa"
diff --git a/Document/0x04i-Testing-User-Privacy-Protection.md b/Document/0x04i-Testing-User-Privacy-Protection.md
@@ -110,7 +110,7 @@ You can follow these steps:
 2. Go to the section ["Privacy Details"](https://developer.apple.com/app-store/app-privacy-details/) (App Store) or ["Safety Section"](https://android-developers.googleblog.com/2021/05/new-safety-section-in-google-play-will.html) (Google Play).
 3. Verify if there's any information available at all.
 
-The test passes if the developer has complied with the app marketplace guidelines and included the required labels and explanations. Store and provide the information you got from the app marketplace as evidence, so that you can later use it to evaluate potential violations of privacy or data protection.
+The test passes if the developer has compiled with the app marketplace guidelines and included the required labels and explanations. Store and provide the information you got from the app marketplace as evidence, so that you can later use it to evaluate potential violations of privacy or data protection.
 
 ### Dynamic analysis
 

diff --git a/Document/0x05c-Reverse-Engineering-and-Tampering.md b/Document/0x05c-Reverse-Engineering-and-Tampering.md
@@ -40,7 +40,7 @@ Android decompilers go one step further and attempt to convert Android bytecode
 - [Procyon](https://github.com/mstrobel/procyon "Procyon")
 - [CFR](https://www.benf.org/other/cfr/ "CFR")
 
-Alternatively run [apkx](0x08a-Testing-Tools.md#apkx) on your APK or use the exported files from the previous tools to open the Java source code in another tool such as an IDE.
+Alternatively you can use the [APKLab](0x08a-Testing-Tools.md#apklab) extension for Visual Studio Code or run [apkx](0x08a-Testing-Tools.md#apkx) on your APK or use the exported files from the previous tools to open the reversed source code on your preferred IDE.
 
 In the following example we'll be using [UnCrackable App for Android Level 1](0x08b-Reference-Apps.md#uncrackable-app-for-android-level-1). First, let's install the app on a device or emulator and run it to see what the crackme is about.
 

diff --git a/Document/0x05e-Testing-Cryptography.md b/Document/0x05e-Testing-Cryptography.md
@@ -28,7 +28,7 @@ These phases are managed by the Keystore/KeyChain system. However how the system
 
 Apps that target modern API levels, went through the following changes:
 
-- For Android 7.0 (API level 24) and above [the Android Developer blog shows that](https://android-developers.googleblog.com/2016/06/security-crypto-provider-deprecated-in.html "Security provider Crypto deprecated in Andorid N"):
+- For Android 7.0 (API level 24) and above [the Android Developer blog shows that](https://android-developers.googleblog.com/2016/06/security-crypto-provider-deprecated-in.html "Security provider Crypto deprecated in Android N"):
   - It is recommended to stop specifying a security provider. Instead, always use a [patched security provider](0x05e-Testing-Cryptography.md#updating-provider).
   - The support for the `Crypto` provider has dropped and the provider is deprecated. The same applies to its `SHA1PRNG` for secure random.
 - For Android 8.1 (API level 27) and above the [Developer Documentation](https://developer.android.com/about/versions/oreo/android-8.1 "Cryptography updates") shows that:

diff --git a/Document/0x08a-Testing-Tools.md b/Document/0x08a-Testing-Tools.md
@@ -1109,6 +1109,12 @@ For more information on what this tool can be used for, check out:
 - [APKiD: PEiD for Android Apps](https://github.com/enovella/cve-bio-enovella/blob/master/slides/bheu18-enovella-APKID.pdf)
 - [APKiD: Fast Identification of AppShielding Products](https://github.com/enovella/cve-bio-enovella/blob/master/slides/APKiD-NowSecure-Connect19-enovella.pdf)
 
+### APKLab
+
+[APKLab](https://github.com/APKLab/APKLab "APKLab") is a convenient Visual Studio Code extension leveraging tools such as [apktool](#apktool) and [jadx](#jadx) to enable features including app unpacking, decompilation, code patching (e.g. for MITM), and repackaging straight from the IDE.
+
+For more information, you can refer to [APKLab's official documentation](https://apklab.surendrajat.xyz/).
+
 ### Apktool
 
 [Apktool](https://github.com/iBotPeaches/Apktool) is used to unpack Android app packages (APKs). Simply unzipping APKs with the standard `unzip` utility leaves some files unreadable. `AndroidManifest.xml` is encoded into binary XML format which isn’t readable with a text editor. Also, the app resources are still packaged into a single archive file.