Merged
24 changes: 17 additions & 7 deletions Document/0x02-Frontispiece.md
Expand Up @@ -43,16 +43,26 @@ Copyright © 2021 The OWASP Foundation. This work is licensed under a [Creative

This document started as a fork of the OWASP Application Security Verification Standard written by Jim Manico.

## Sponsors
### Donators

While both the MASVS and the MSTG are created and maintained by the community on a voluntary basis, sometimes a little bit of outside help is required. We therefore thank our sponsors for providing the funds to be able to hire technical editors. Note that their sponsorship does not influence the content of the MASVS or MSTG in any way. The sponsorship packages are described on the [OWASP Project Wiki](https://owasp.org/www-project-mobile-security-testing-guide/#div-sponsorship "OWASP Mobile Security Testing Guide Sponsorship Packages").
While both the MASVS and the MSTG are created and maintained by the community on a voluntary basis, sometimes a little bit of outside help is required. We therefore thank our donators for providing the funds to be able to hire technical editors. Note that their donation does not influence the content of the MASVS or MSTG in any way. The Donation Packages are described on the [OWASP Project Wiki](https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide#tab=Sponsorship_Packages "OWASP Mobile Security Testing Guide Donation Packages").

### Honourable Benefactor
### God Mode Donators

[![NowSecure](images/NowSecure_logo.png)](https://www.nowsecure.com/)
[OWASP Bay Area Chapter](https://twitter.com/OWASPBayArea?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor "Twitter Bay Area")

### Good Samaritan Benefactor
#### Honorable Benefactor

[![Randorisec](images/Randorisec_logo.png)](https://www.randorisec.fr/)
![OWASP MSTG](images/Donators/NowSecure_logo.png) \

Next, we would like to thank the OWASP Bay Area Chapter for their sponsorship. Last, we would like to thank everybody that bought the book from [Leanpub](https://leanpub.com/mobile-security-testing-guide) and sponsored us that way.
![OWASP MSTG](images/Donators/SEC_Consult_logo.png) \

![OWASP MSTG](images/Donators/ZIMPERIUM_logo.png) \

#### Good Samaritan Benefactor

![OWASP MSTG](images/Donators/Randorisec_logo.png) \

#### Other Donators

We would like to thank everybody that bought the book from [Leanpub](https://leanpub.com/mobile-security-testing-guide) and sponsored us that way.
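Review bot: the new logo lines (`![OWASP MSTG](images/Donators/NowSecure_logo.png) \` and the SEC Consult, Zimperium and Randorisec lines in the same form) all carry the alt text "OWASP MSTG" and end in a bare `\`; the alt text should name the donator (the removed lines had `![NowSecure](...)`), and the trailing backslash is a pandoc hard line break that shows up as a literal backslash in GitHub-rendered markdown, so either drop it or confirm it is meant for the PDF build only. The removed lines also wrapped each logo in a link to the company's site (`[![NowSecure](images/NowSecure_logo.png)](https://www.nowsecure.com/)`); the new lines drop those links, which looks unintended. Two smaller points: the project link now points at the legacy wiki URL (`https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide#tab=Sponsorship_Packages`) instead of the current `https://owasp.org/www-project-mobile-security-testing-guide/#div-sponsorship` page, which should be confirmed as deliberate, and the Bay Area Chapter Twitter link carries search tracking parameters (`?ref_src=twsrc%5Egoogle...`) that can be stripped. Heading levels are also inconsistent: `#### Other Donators` sits under `### God Mode Donators` although it is not a subcategory of it, so it should be `###`.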
2 changes: 0 additions & 2 deletions Document/0x03-Using_the_MASVS.md
Expand Up @@ -62,8 +62,6 @@ Implementing the requirements of MASVS L2 increases security, while at the same

- All mobile apps. MASVS-L1 lists security best practices that can be followed with a reasonable impact on development cost and user experience. Apply the requirements in MASVS-L1 for any app that don't qualify for one of the higher levels.

<!-- \pagebreak -->

###### MASVS-L2

- Health-Care Industry: Mobile apps that store personally identifiable information that can be used for identity theft, fraudulent payments, or a variety of fraud schemes. For the US healthcare sector, compliance considerations include the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach Notification Rules and Patient Safety Rule.
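Review bot: removing `<!-- \pagebreak -->` here keeps the blank lines on both sides of the deleted comment, leaving two consecutive blank lines before `###### MASVS-L2` (markdownlint MD012); delete one of them. The 0x04 hunk below has the same shape, while the 0x06, 0x07 and 0x08 hunks remove the comment together with its neighbouring blank line, so the hunks should be aligned on one of the two styles.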
2 changes: 0 additions & 2 deletions Document/0x04-Assessment_and_Certification.md
Expand Up @@ -16,8 +16,6 @@ It is important to note that the MASVS only covers security of the (client-side)

A certifying organization must include in any report the scope of the verification (particularly if a key component is out of scope), a summary of verification findings, including passed and failed tests, with clear indications of how to resolve the failed tests. Keeping detailed work papers, screenshots or movies, scripts to reliably and repeatedly exploit an issue, and electronic records of testing, such as intercepting proxy logs and associated notes such as a cleanup list, is considered standard industry practice. It is not sufficient to simply run a tool and report on the failures; this does not provide sufficient evidence that all issues at a certifying level have been tested and tested thoroughly. In case of dispute, there should be sufficient supportive evidence to demonstrate that every verified requirement has indeed been tested.

<!-- \pagebreak -->

### Using the OWASP Mobile Security Testing Guide (MSTG)

The OWASP MSTG is a manual for testing the security of mobile apps. It describes the technical processes for verifying the requirements listed in the MASVS. The MSTG includes a list of test cases, each of which map to a requirement in the MASVS. While the MASVS requirements are high-level and generic, the MSTG provides in-depth recommendations and testing procedures on a per-mobile-OS basis.
Expand Up @@ -25,6 +25,7 @@ The requirements for MASVS-L1 and MASVS-L2 are listed below.
| **1.11** | MSTG-ARCH-11 | A responsible disclosure policy is in place and effectively applied. | | x |
| **1.12** | MSTG-ARCH-12 | The app should comply with privacy laws and regulations. | x | x |

<!-- \pagebreak -->
## References

For more information, see also:
1 change: 1 addition & 0 deletions Document/0x07-V2-Data_Storage_and_Privacy_requirements.md
Expand Up @@ -14,6 +14,7 @@ Sensitive data in the context of the MASVS pertains to both user credentials and
- Highly sensitive data that would lead to reputational harm and/or financial costs if compromised: Contractual information, information covered by non-disclosure agreements, management information;
- Any data that must be protected by law or for compliance reasons.

<!-- \pagebreak -->
## Security Verification Requirements

The vast majority of data disclosure issues can be prevented by following simple rules. Most of the controls listed in this chapter are mandatory for all verification levels.
Expand Up @@ -34,14 +34,13 @@ The following considerations apply:
| **8.8** | MSTG-RESILIENCE-8 | The detection mechanisms trigger responses of different types, including delayed and stealthy responses. | x |
| **8.9** | MSTG-RESILIENCE-9 | Obfuscation is applied to programmatic defenses, which in turn impede de-obfuscation via dynamic analysis. | x |

<!-- \pagebreak -->
### Device Binding

| # | MSTG-ID | Description | R |
| -- | ----------- | ---------------------- | - |
| **8.10** | MSTG-RESILIENCE-10 | The app implements a 'device binding' functionality using a device fingerprint derived from multiple properties unique to the device. | x |

<!-- \pagebreak -->

### Impede Comprehension

| # | MSTG-ID | Description | R |
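Review bot: only the `<!-- \pagebreak -->` before `### Device Binding` is removed while the one before `### Impede Comprehension` stays; every other hunk in this change removes the pagebreak comment it touches, so either remove this one too or say why the break is still needed in the PDF layout. Since `pandoc_makedocs.sh` still rewrites any surviving `<!-- ... -->` into its contents before the pandoc run, the remaining comment will still become a `\pagebreak` in the PDF.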
Binary file added Document/images/Donators/NowSecure_logo.png
Binary file added Document/images/Donators/Randorisec_logo.png
Binary file added Document/images/Donators/SEC_Consult_logo.png
Binary file added Document/images/Donators/ZIMPERIUM_logo.png
Binary file removed Document/images/NowSecure_logo.png
Binary file not shown.
Binary file removed Document/images/Randorisec_logo.png
Binary file not shown.
Binary file removed Document/images/masvs-mini-cover.jpg
Binary file not shown.
Binary file modified Document/images/masvs-mini-cover.png
8 changes: 2 additions & 6 deletions tools/docker/pandoc_makedocs.sh
Expand Up @@ -21,11 +21,7 @@ PANDOC_PARAMS+="--metadata version=${VERSION} "
PANDOCKER="docker run --rm --volume `pwd`:/pandoc ${IMG}:${TAG} ${PANDOC_PARAMS}"

# remove the HTML comment from \pagebreak
if [[ "$OSTYPE" == "darwin"* ]]; then
gsed -i 's#<!-- \(.*\) -->#\1#g' Document*/*.md
else
sed -i 's#<!-- \(.*\) -->#\1#g' Document*/*.md
fi
docker run --rm --entrypoint '/bin/sh' --volume `pwd`:/pandoc ${IMG}:${TAG} -c 'sed -i "s#<!-- \(.*\) -->#\1#g" Document/*.md'

# Use pandocker PANDOCKER by default, unless `export PANDOC=pandoc`
# this is useful for CI, because we can run the script directly inside the container
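Review bot: the replacement narrows the glob from `Document*/*.md` to `Document/*.md`, so the translated folders (`Document-<lang>`, which the `LANGUAGE=` branch below exists to handle) no longer get their `<!-- \pagebreak -->` comments converted and will carry the comment text into the PDF; keep `Document*/*.md` in the container command. Two further points: the pattern `s#<!-- \(.*\) -->#\1#g` is greedy and strips every HTML comment on a line, not just `\pagebreak`, so a line holding two comments is mangled, and restricting the match to the literal `<!-- \pagebreak -->` comment limits it to the intended case; and the command depends on the image's working directory being `/pandoc`, since no `--workdir` is passed, whereas the removed host-side `sed` ran from the repository root. The unquoted `` `pwd` `` in `--volume` breaks on a checkout path containing spaces (`"$(pwd)"` is safer), although the `PANDOCKER=` line above already has the same issue.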
Expand All @@ -34,7 +30,7 @@ PANDOC=${PANDOC:-${PANDOCKER}}
if [ ${FOLDER} == "Document" ]; then
LANGUAGE='en'
else
LANGUAGE=$(echo ${FOLDER} | sed 's/Document-//')
LANGUAGE=$(echo ${FOLDER} | cut -d '-' -f 2)
fi

METADATA="Document/metadata.md ${FOLDER}/metadata.md"
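Review bot: `cut -d '-' -f 2` truncates any language tag that itself contains a hyphen (for a hypothetical folder `Document-zh-TW` it yields `zh`, where the removed `sed 's/Document-//'` yielded `zh-TW`), so this is a behavioural change rather than a pure simplification; `LANGUAGE=${FOLDER#Document-}` reproduces the old behaviour in plain shell without `echo` or a subprocess. In the surrounding context, `[ ${FOLDER} == "Document" ]` leaves `${FOLDER}` unquoted and uses the non-POSIX `==`; `[ "${FOLDER}" = "Document" ]` is worth fixing in passing.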