
Difference between revisions of "OWASP Mobile Security Testing Guide"

m (Updated classification icon)
m (Co-Authors)
Line 421: Line 421:
  
 
=== Co-Authors ===
 
=== Co-Authors ===
 +
 +
==== Carlos Holguera ====
 +
 +
Carlos is a security engineer leading the mobile penetration testing team at ESCRYPT. He has gained many years of hands-on experience in the field of security testing for mobile apps and embedded systems such as automotive control units and IoT devices. He is passionate about reverse engineering and dynamic instrumentation of mobile apps and is continuously learning and sharing his knowledge.
  
 
==== Romuald Szkudlarek ====
 
==== Romuald Szkudlarek ====
Line 426: Line 430:
 
Romuald is a passionate cyber security & privacy professional with over 15 years of experience in the Web, Mobile, IoT and Cloud domains. During his career, he has been dedicating spare time to a variery of projects with the goal of advancing the sectors of software and security. He is also teaching at various institutions. He holds CISSP, CSSLP and CEH credentials.
 
Romuald is a passionate cyber security & privacy professional with over 15 years of experience in the Web, Mobile, IoT and Cloud domains. During his career, he has been dedicating spare time to a variery of projects with the goal of advancing the sectors of software and security. He is also teaching at various institutions. He holds CISSP, CSSLP and CEH credentials.
  
==== Carlos Holguera ====
+
==== Jeroen Beckers ====
  
Carlos is a security engineer leading the mobile penetration testing team at ESCRYPT. He has gained many years of hands-on experience in the field of security testing for mobile apps and embedded systems such as automotive control units and IoT devices. He is passionate about reverse engineering and dynamic instrumentation of mobile apps and is continuously learning and sharing his knowledge.
+
Jeroen is the mobile security lead at NVISO where he is responsible for quality assurance on mobile security projects and for R&D on all things mobile. He worked as a Flash developer during high school and college, but switched to a career in cybersecurity once he graduated and now has more than 5 years of experience in mobile security. He loves sharing his knowledge with other people, as is demonstrated by his many talks & trainings at colleges, universities, clients and conferences.
  
 
=== Top Contributors ===
 
=== Top Contributors ===
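Review bot: the Romuald Szkudlarek paragraph carried over unchanged in this hunk still contains the typo "variery" ("a variery of projects"), which should read "variety"; since the Co-Authors section is being reordered anyway, this would be a good revision in which to correct it.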

Revision as of 14:40, 15 August 2019


Our Vision

"Define the industry standard for mobile application security."

We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.

Main Deliverables

Mobile Security Testing Guide (MSTG) - 1.1.3 Release

The 1.1.3 Release of the MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers with the following content:

  1. Mobile platform internals
  2. Security testing in the mobile app development lifecycle
  3. Basic static and dynamic security testing
  4. Mobile app reverse engineering and tampering
  5. Assessing software protections
  6. Detailed test cases that map to the requirements in the MASVS.

You can contribute and comment in the GitHub repo. An online book version of the current master branch is available on Gitbook.

Feel free to download the ePub or Mobi for $0 or contribute any amount you like. All funds raised through sales of this book go directly into the project budget and will be used for technical editing and design of the book and to fund production of future releases.

Mobile App Security Requirements and Verification

The OWASP Mobile Application Security Verification Standard (MASVS) version 1.1.4 is a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as by security testers to ensure completeness and consistency of test results. You can find the sources on the GitHub repo. We now have versions in the following languages: Chinese, English, French, German, Japanese, Russian, and Spanish! Want to get a PDF/Mobi/ePub of the standard? Check the release page on GitHub.

Mobile App Security Checklist

A checklist for use in security assessments. It also contains links to the MSTG test case for each requirement. The current release can be found on GitHub in English, French, Spanish and Japanese.


Classifications

Flagship Project; Builders, Breakers, Defenders
License: Creative Commons 4.0
Project Type: Documentation

Project Leaders

Sven Schleier

Jeroen Willemsen

Training

Presentations

Licensing

The guide is licensed under the Creative Commons Attribution-ShareAlike 4.0 license. You may copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and, if you alter, transform, or build upon it, distribute the resulting work only under the same or a similar license.