Best Practices (v2 Beta)
Content in BETA
This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).
About the MASTG Best Practices
The MASTG Best Practices are a collection of specific strategies and practices that can be used to prevent or mitigate security and privacy risks in mobile apps.
Each Best Practices is designed to be simple and focused and may apply to one or multiple tests in the MASTG.
| ID | Title | Platform |
|---|---|---|
| MASTG-BEST-0013 | Disable Content Provider Access in WebViews | |
| MASTG-BEST-0008 | Debugging Disabled for WebViews | |
| MASTG-BEST-0006 | Use Up-to-Date APK Signing Schemes | |
| MASTG-BEST-0012 | Disable JavaScript in WebViews | |
| MASTG-BEST-0001 | Use Secure Random Number Generator APIs | |
| MASTG-BEST-0007 | Debuggable Flag Disabled in the AndroidManifest | |
| MASTG-BEST-0002 | Remove Logging Code | |
| MASTG-BEST-0004 | Exclude Sensitive Data from Backups | |
| MASTG-BEST-0010 | Use Up-to-Date minSdkVersion | |
| MASTG-BEST-0011 | Securely Load File Content in a WebView | |
| MASTG-BEST-0003 | Comply with Privacy Regulations and Best Practices | |
| MASTG-BEST-0005 | Use Secure Encryption Modes | |
| MASTG-BEST-0009 | Use Secure Encryption Algorithms |