fix md links to tools and tech (#2635)

OWASP · Jun 24, 2024 · 4497e0d · 4497e0d
1 parent 72d2a5b
commit 4497e0d
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/...ASVS-CRYPTO/1-strong-crypto/insecure-random/android-insecure-random-use/test.md b/...ASVS-CRYPTO/1-strong-crypto/insecure-random/android-insecure-random-use/test.md
@@ -15,7 +15,7 @@ Android apps sometimes use insecure pseudorandom number generators (PRNGs) such
 
 ## Steps
 
-1. Run a [static analysis](../../../../../techniques/android/MASTG-TECH-0014.md) tool on the app and look for insecure random APIs.
+1. Run a [static analysis](/MASTG/techniques/android/MASTG-TECH-0014) tool on the app and look for insecure random APIs.
 
 ## Observation
 

diff --git a/risks/MASVS-CRYPTO/1-strong-crypto/insecure-random/android-non-random-use/test.md b/risks/MASVS-CRYPTO/1-strong-crypto/insecure-random/android-non-random-use/test.md
@@ -15,7 +15,7 @@ Android applications sometimes use non-random sources to generate "random" value
 
 ## Steps
 
-1. Run a [static analysis](/MASTG/techniques/android/MASTG-TECH-0014.md) tool on the app and look for uses of non-random sources.
+1. Run a [static analysis](/MASTG/techniques/android/MASTG-TECH-0014) tool on the app and look for uses of non-random sources.
 
 ## Observation
 

diff --git a/...ation/sensitive-data-in-network-traffic/android-data-in-traffic-capture/test.md b/...ation/sensitive-data-in-network-traffic/android-data-in-traffic-capture/test.md
@@ -10,14 +10,14 @@ prerequisites:
 
 ## Overview
 
-Attackers may capture network traffic from Android devices using an intercepting proxy, such as [OWASP ZAP](https://www.zaproxy.org/), [Burp Suite](https://portswigger.net/burp), or [mitmproxy](https://mitmproxy.org/), to analyze the data being transmitted by the app. This works even if the app uses HTTPS, as the attacker can install a custom root certificate on the Android device to decrypt the traffic. Inspecting traffic that is not encrypted with HTTPS is even easier and can be done without installing a custom root certificate for example by using [Wireshark](https://www.wireshark.org/).
+Attackers may capture network traffic from Android devices using an intercepting proxy, such as [OWASP ZAP](/MASTG/tools/MASTG-TOOL-0079), [Burp Suite](/MASTG/tools/MASTG-TOOL-0077), or [mitmproxy](/MASTG/tools/MASTG-TOOL-0097), to analyze the data being transmitted by the app. This works even if the app uses HTTPS, as the attacker can install a custom root certificate on the Android device to decrypt the traffic. Inspecting traffic that is not encrypted with HTTPS is even easier and can be done without installing a custom root certificate for example by using [Wireshark](/MASTG/tools/MASTG-TOOL-0081).
 
 The goal of this test is to verify that sensitive data is not being sent over the network, even if the traffic is encrypted. This test is especially important for apps that handle sensitive data, such as financial or health data, and should be performed in conjunction with a review of the app's privacy policy and the App Store Privacy declarations.
 
 ## Steps
 
 1. Start the device.
-2. Start [logging sensitive data from network traffic](/MASTG/techniques/android/MASTG-TECH-0100.md).
+2. Start [logging sensitive data from network traffic](/MASTG/techniques/android/MASTG-TECH-0100).
 3. Launch and use the app going through the various workflows while inputting sensitive data wherever you can. Especially, places where you know that will trigger network traffic.
 
 ## Observation
@@ -28,4 +28,4 @@ The output should contain a network traffic sensitive data log that includes the
 
 The test case fails if you can find the sensitive data you entered in the app that is not stated in the App Store Privacy declarations.
 
-Note that this test does not provide any code locations where the sensitive data is being sent over the network. In order to identify the code locations, you can use static analysis tools like [semgrep](https://semgrep.dev/) or dynamic analysis tools like [Frida](https://frida.re/).
+Note that this test does not provide any code locations where the sensitive data is being sent over the network. In order to identify the code locations, you can use static analysis tools like [semgrep](https://semgrep.dev/) or dynamic analysis tools like [Frida](/MASTG/tools/MASTG-TOOL-0031).
diff --git a/...-STORAGE/2-prevent-data-leakage/data-in-logs/android-data-in-logs-frida/test.md b/...-STORAGE/2-prevent-data-leakage/data-in-logs/android-data-in-logs-frida/test.md
@@ -13,7 +13,7 @@ On Android platforms, logging APIs like `Log`, `Logger`, `System.out.print`, `Sy
 
 1. Install and run the app.
 2. Navigate to the screen of the mobile app you want to analyse the log output from.
-3. Execute a [method trace](/MASTG/techniques/android/MASTG-TECH-0033) by attaching to the running app, targeting logging APIs and save the output.
+3. Execute a [method trace](/MASTG/techniques/android/MASTG-TECH-0033) (using e.g. [Frida](/MASTG/tools/MASTG-TOOL-0031)) by attaching to the running app, targeting logging APIs and save the output.
 
 ## Observation