add page content for MASWE

OWASP · Dec 5, 2024 · dba359e · dba359e
2 parents e2e4777 + 95dc651
commit dba359e
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 8 deletions.
diff --git a/_data/draft.yaml b/_data/draft.yaml
@@ -145,7 +145,7 @@ docs:
 - title: '5.3.3 OWASP Secure Headers Project'
   url: implementation/secure_libraries/secure_headers
 
-- title: '5.4 [Mobile application weakness enumeration'
+- title: '5.4 Mobile application weakness enumeration'
   url: implementation/mas_weakness_enumeration
 
 - title: '6. Verification'

diff --git a/_data/release.yaml b/_data/release.yaml
@@ -145,7 +145,7 @@ docs:
 - title: '5.3.3 OWASP Secure Headers Project'
   url: implementation/secure_libraries/secure_headers
 
-- title: '5.4 [Mobile application weakness enumeration'
+- title: '5.4 Mobile application weakness enumeration'
   url: implementation/mas_weakness_enumeration
 
 - title: '6. Verification'

diff --git a/draft/07-implementation/04-maswe.md b/draft/07-implementation/04-maswe.md
@@ -29,13 +29,15 @@ permalink: /draft/implementation/mas_weakness_enumeration/
 The OWASP [Mobile Application Security][masproject] (MAS) flagship project provides
 industry standards for mobile application security.
 
-The OWASP MASWE project ...
+The OWASP [MASWE][maswe] project is one of the tools provided by MAS,
+and provides a list of weaknesses that have been found in various mobile applications.
 
 #### What is the MASWE?
 
-The MAS Weakness Enumeration ...
+The MAS [Weakness Enumeration][maswe] lists weaknesses, and therefore potential vulnerabilities,
+that have been found in various mobile applications over time.
 
-The MASWE is split out into weakness categories that match the MASVS verification categories:
+The MASWE is split out into weakness categories that correspond to the [MASVS][masvs] verification categories:
 
 * [MASVS-STORAGE](https://mas.owasp.org/MASWE/MASVS-STORAGE/MASWE-0001/) sensitive data storage
 * [MASVS-CRYPTO](https://mas.owasp.org/MASWE/MASVS-CRYPTO/MASWE-0009/) cryptography best practices
@@ -48,26 +50,50 @@ The MASWE is split out into weakness categories that match the MASVS verificatio
 
 #### Why use it?
 
+Although the MASWE is a relatively new project from 2024, it already provides a common language
+when discussing and categorizing weaknesses found in mobile applications.
+It also provides a list of potential vulnerabilities that should be considered during the design lifecycle
+and when creating or revising security requirements for mobile applications.
+
+The MASWE is a valuable list of what can go wrong with mobile applications along with the activities of malicious actors.
+
 #### How to use it
 
+The Common Weakness Enumeration ([CWE][cwe]), published by Mitre, can be used by security architects
+so they are aware of what weaknesses and potential vulnerabilities that could be present in an application.
+Development teams can use the CWE as a reference to these weaknesses and to help understanding of any mitigations.
+These are just two examples of how the CWE is widely used.
+
+In a similar way the MASWE can be used in the development of mobile applications :
+
+* inform development teams of specific weaknesses
+* identification of security requirements
+* used as a training aid
+* provide categorization of weaknesses
+
+This list is just a starting point; there are many uses for the MASWE.
+
 #### References
 
 * Mobile Application Security ([MAS][masproject]) project
-* MAS [Checklist][masc]
-* MAS Testing Guide ([MASTG][mastg])
+* MAS Weakness Enumeration ([MASWE][maswe])
+* Mitre Common Weakness Enumeration ([CWE][cwe])
 * MAS Verification Standard ([MASVS][masvs])
+* MAS [Checklist][masc]
 * MAS Testing Guide ([MASTG][mastg])
 
 ----
 
 The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0704] or [edit on GitHub][edit0704].
 
+[cwe]: https://cwe.mitre.org/
 [edit0704]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/07-implementation/04-maswe.md
-[issue0704]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-design/07-implementation/04-maswe
+[issue0704]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2007-implementation/04-maswe
 [masproject]: https://owasp.org/www-project-mobile-app-security/
 [masc]: https://mas.owasp.org/checklists/
 [mastg]: https://mas.owasp.org/MASTG/
+[maswe]: https://mas.owasp.org/MASWE/
 [masvs]: https://mas.owasp.org/MASVS/
 
 \newpage