This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Mobile Security Testing Guide"

From OWASP
Jump to: navigation, search
m
(Updated releases page)
Line 18: Line 18:
 
   |-
 
   |-
 
   | [[File:mstg-mini-3.jpg|link=https://www.github.com/OWASP/owasp-mstg/]]
 
   | [[File:mstg-mini-3.jpg|link=https://www.github.com/OWASP/owasp-mstg/]]
   | '''Mobile Security Testing Guide (MSTG) - 1.0 Release'''
+
   | '''Mobile Security Testing Guide (MSTG) - 1.0.1 Release'''
The 1.0 Release of the MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers with the following content:
+
The 1.0.1 Release of the MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers with the following content:
 
# Mobile platform internals
 
# Mobile platform internals
 
# Security testing in the mobile app development lifecycle
 
# Security testing in the mobile app development lifecycle
Line 31: Line 31:
  
 
  |-
 
  |-
   | [[File:masvs-sample-mini.jpg|link=https://www.owasp.org/images/6/61/MASVS_v0.9.4.pdf]]
+
   | [[File:masvs-sample-mini.jpg|link=https://github.com/OWASP/owasp-masvs/releases/download/1.1/OWASP_Mobile_AppSec_Verification_Standard_v1.1.pdf]]
 
   |  '''Mobile App Security Requirements and Verification'''
 
   |  '''Mobile App Security Requirements and Verification'''
The [https://www.owasp.org/images/6/61/MASVS_v0.9.4.pdf OWASP Mobile Application Security Verification Standard (MASVS)] is a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results. The latest release is [https://github.com/OWASP/owasp-masvs/releases/download/1.0/OWASP_Mobile_AppSec_Verification_Standard_v1.0.pdf version 1.0]. We also offer a [https://github.com/OWASP/owasp-masvs/releases/tag/1.0-ES Spanish translation].
+
The [https://github.com/OWASP/owasp-masvs/releases/download/1.1/OWASP_Mobile_AppSec_Verification_Standard_v1.1.pdf OWASP Mobile Application Security Verification Standard (MASVS)] is a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results. The latest release is [https://github.com/OWASP/owasp-masvs/releases/download/1.1/OWASP_Mobile_AppSec_Verification_Standard_v1.1.pdf version 1.1]. We also offer a [https://github.com/OWASP/owasp-masvs/releases/download/1.1-RU/OWASP_Mobile_AppSec_Verification_Standard_v1.1-RU.pdf Russian translation] and a [https://github.com/OWASP/owasp-masvs/releases/download/1.0-ES/OWASP_Mobile_AppSec_Verification_Standard_v1.0-ES.pdf Spanish translation].
 
   |-
 
   |-
 
   | [[File:checklist.jpg|link=https://www.owasp.org/images/1/1b/Mobile_App_Security_Checklist_0.9.3.xlsx]]
 
   | [[File:checklist.jpg|link=https://www.owasp.org/images/1/1b/Mobile_App_Security_Checklist_0.9.3.xlsx]]

Revision as of 06:29, 22 September 2018

OWASP MSTG Header.jpg

Our Vision

"Define the industry standard for mobile application security."

We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.

Main Deliverables

Mstg-mini-3.jpg Mobile Security Testing Guide (MSTG) - 1.0.1 Release

The 1.0.1 Release of the MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers with the following content:

  1. Mobile platform internals
  2. Security testing in the mobile app development lifecycle
  3. Basic static and dynamic security testing
  4. Mobile app reverse engineering and tampering
  5. Assessing software protections
  6. Detailed test cases that map to the requirements in the MASVS.

You can contribute and comment in the GitHub Repo. An online book version of the current master branch is available on Gitbook.

Feel free to download the ePub for $0 or contribute any amount you like. All funds raised through sales of this book go directly into the project budget and will be used to for technical editing and designing the book and fund production of future releases.

Masvs-sample-mini.jpg Mobile App Security Requirements and Verification

The OWASP Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results. The latest release is version 1.1. We also offer a Russian translation and a Spanish translation.

Checklist.jpg Mobile App Security Checklist

A checklist for use in security assessments. Also contains links to the MSTG test case for each requirement. The current release is version 1.0.


Classifications

Incubator Project Owasp-builders-small.png
Owasp-breakers-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg

Project Leaders

Sven Schleier

Jeroen Willemsen

Training

Presentations

  • OWASP Bay Chapter - Mobile Testing Workshop, October 2018
  • OWASP AppSec USA - Fixing Mobile AppSec, October 2018
  • OWASP North Sweden Umea - Mobile Security Essentials, 17.01.2018
  • OWASP Gotentburg - Mobile Security Essentials, 16.01.2018
  • OWASP Day Indonesia 2017 - Fixing Mobile AppSec, 09.09.2017
  • Confidence (Krakow, Poland) - Pawel Rzepa - Testing Mobile Applications
  • OWASP AppSec EU 2017 - Fixing Mobile AppSec - Slides, Video

Parent Project

OWASP_Mobile_Security_Project

Licensing

The guide is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.