Skip to content

OWASP MASVS and MASTG Adoption

The OWASP MASVS and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions.

Mobile Platform Providers

Google Android

Since 2021 Google has shown their support for the OWASP Mobile Security project (MASTG/MASVS) and has started providing continuous and high value feedback to the MASVS refactoring process via the App Defense Alliance (ADA) and its MASA (Mobile Application Security Assessment) program.

With MASA, Google has acknowledged the importance of leveraging a globally recognized standard for mobile app security to the mobile app ecosystem. Developers can work directly with an Authorized Lab partner to initiate a security assessment. Google will recognize developers who have had their applications independently validated against a set of MASVS Level 1 requirements and will showcase this on their Data safety section.

We thank Google, the ADA and all its members for their support and for their excellent work on protecting the mobile app ecosystem.

Certification Institutions

CREST

CREST is an international not-for-profit, membership body who quality assures its members and delivers professional certifications to the cyber security industry. CREST works with governments, regulators, academe, training partners, professional bodies and other stakeholders around the world.

In August 2022, CREST launched the OWASP Verification Standard (OVS) Programme. CREST OVS sets new standards for application security. Underpinned by OWASP's Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS), CREST is leveraging the open-source community to build and maintain global standards to deliver a global web and mobile application security framework. This will provide assurance to the buying community that developers using CREST OVS accredited providers, always know that they are engaged with ethical and capable organisations with skilled and competent security testers by leveraging the OWASP ASVS and MASVS standards.

We thank CREST for their consulation regarding the OVS programme and its support to the open-source community to build and maintain global cyber security standards.

Standardization Institutions

NIST (National Institute of Standards and Technology, United States)

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time — a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany and other economic rivals.

BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany)

BSI stands for "Federal Office for Information Security", it has the goal to promote IT security in Germany and is the central IT security service provider for the federal government.

ioXt

The mission of the ioXt Alliance is to build confidence in Internet of Things products through multi-stakeholder, international, harmonized, and standardized security and privacy requirements, product compliance programs, and public transparency of those requirements and programs.

In 2021, ioXt has extended its security principles through the Mobile Application profile, so that app developers can ensure their products are built with, and maintain, high cybersecurity standards such as the OWASP MASVS and the VPN Trust Initiative. The ioXt Mobile Application profile is a security standard that applies to any cloud connected mobile app and provides the much needed market transparency for consumer and commercial mobile app security.

Governmental Institutions

Name Document Year
Government of Singapore, Cyber Security Agency (CSA) Safe App Standard 2024
European Payments Council Payment Threats and Fraud Trends Report 2021
European Payments Council Mobile Initiated SEPA Credit Transfer Interoperability Implementation Guidelines, including SCT Instant (MSCT IIGs) 2019
ENISA (European Union Agency for Cybersecurity) Good Practices for Security of SMART CARS 2019
Government of India, Ministry of Electronics & Information Technology Adoption of Mobile AppSec Verification Standard (MASVS) Version 1.0 of OWASP 2019
Finish Transport and Communication Agency (TRAFICOM) Assessment guideline for electronic identification services (Draft) 2019
Gobierno de España INCIBE Ciberseguridad en Smart Toys 2019

Educational Institutions

Name Document Year
Leibniz Fachhochschule Hannover, Germany Sicherheitsüberprüfung von mobilen iOS Apps nach OWASP (German) 2022
University of Florida, Florida Institute for Cybersecurity Research, United States "SO{U}RCERER : Developer-Driven Security Testing Framework for Android Apps" 2021
University of Adelaide, Australia and Queen Mary University of London, United Kingdom An Empirical Assessment of Global COVID-19 Contact Tracing Applications 2021
School of Information Technology, Mapúa University, Philippines A Vulnerability Assessment on the Parental Control Mobile Applications Security: Status based on the OWASP Security Requirements 2021

Application in Scientific Research

Books

Industry Case Studies

Would you like to contribute with your case study? Connect with us!