
Difference between revisions of "OWASP Mobile Security Testing Guide"

(Added Presentations)
(Change Date of Presentation)
Line 83: Line 83:
  
 
== Presentations ==
 
== Presentations ==
* OWASP Day Indonesia 2017 - Fixing Mobile AppSec, 08.09.017
+
* OWASP Day Indonesia 2017 - Fixing Mobile AppSec, 09.09.017
 
* Confidence (Krakow, Poland) - Slides
 
* Confidence (Krakow, Poland) - Slides
 
* OWASP AppSec EU 2017 - [http://sched.co/A66j Fixing Mobile AppSec] - [https://2017.appsec.eu/presos/Developer/Fixing%20Mobile%20AppSec%20The%20OWASP%20Mobile%20Project-%20Bernhard%20Mueller%20and%20Sven%20Schleier%20-%20OWASP_AppSec-Eu_2017.pdf Slides], [https://www.youtube.com/watch?v=THJVzf-u7Iw Video]  
 
* OWASP AppSec EU 2017 - [http://sched.co/A66j Fixing Mobile AppSec] - [https://2017.appsec.eu/presos/Developer/Fixing%20Mobile%20AppSec%20The%20OWASP%20Mobile%20Project-%20Bernhard%20Mueller%20and%20Sven%20Schleier%20-%20OWASP_AppSec-Eu_2017.pdf Slides], [https://www.youtube.com/watch?v=THJVzf-u7Iw Video]  
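Review bot: the year in the changed Indonesia entry is still truncated to three digits ("09.09.017") in both the removed and the added line, so this edit corrects the day but leaves the year malformed; suggest writing it out as "09.09.2017" to match the "2017" in the event name and the format used elsewhere in the list.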

Revision as of 23:02, 9 July 2017


Our Vision

"Define the industry standard for mobile application security."

We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.

Early-Access Ebook

[Image: Early-access-mini.jpg] Mobile Security Testing Guide - Early Access

The early access edition contains sample chapters with content on mobile security testing and reverse engineering. Feel free to download it for $0 or contribute any amount you like. All funds raised through sales of this book go directly into the project budget and will be used to fund production of the final release.

Main Deliverables

[Image: Mstg-mini-3.jpg] Mobile Security Testing Guide

A comprehensive guide for iOS and Android mobile security testers with the following content:

  1. Mobile platform internals
  2. Security testing in the mobile app development lifecycle
  3. Basic static and dynamic security testing
  4. Mobile app reverse engineering and tampering
  5. Assessing software protections
  6. Detailed test cases that map to the requirements in the MASVS.

The MSTG is a work-in-progress. Currently, we hope to be "feature-complete" in Q3 2017. You can contribute and comment in the GitHub Repo. A book version of the current master branch is available on Gitbook.

[Image: Masvs-sample-mini.jpg] Mobile App Security Requirements and Verification

The OWASP Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results. The latest release is version 0.9.3.

[Image: Checklist.jpg] Mobile App Security Checklist

A checklist for use in security assessments. Also contains links to the MSTG test case for each requirement. The current release is version 0.9.3.


Classifications

[Image: Owasp-breakers-small.png] Breakers project
[Image: Cc-button-y-sa-small.png] Creative Commons Attribution-ShareAlike
[Image: Project Type Files DOC.jpg] Project type: Documentation

Project Leaders

Bernhard Mueller

Sven Schleier

Road Map

  • Q3 2017: Beta release
  • Q4 2017: Version 1.0
  • Q1 2018: Produce A Printable Book

Presentations

  • OWASP Day Indonesia 2017 - Fixing Mobile AppSec, 09.09.017
  • Confidence (Krakow, Poland) - Slides
  • OWASP AppSec EU 2017 - Fixing Mobile AppSec - Slides, Video

Parent Project

OWASP_Mobile_Security_Project

Licensing

The guide is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and, if you alter, transform, or build upon this work, distribute the resulting work only under the same or a similar license to this one.