MASTG Tests (v1)
ID | Title | Platform | MASVS v2 ID | MASVS v1 IDs | Status |
---|---|---|---|---|---|
MASTG-TEST-0064 | Testing Local Authentication | MASVS-AUTH-2 | MSTG-AUTH-8 MSTG-STORAGE-11 |
current | |
MASTG-TEST-0081 | Making Sure that the App Is Properly Signed | MASVS-RESILIENCE-2 | MSTG-CODE-1 | deprecated | |
MASTG-TEST-0090 | Testing File Integrity Checks | MASVS-RESILIENCE-2 | MSTG-RESILIENCE-3 MSTG-RESILIENCE-11 |
current | |
MASTG-TEST-0083 | Testing for Debugging Symbols | MASVS-RESILIENCE-3 | MSTG-CODE-3 | deprecated | |
MASTG-TEST-0092 | Testing Emulator Detection | MASVS-RESILIENCE-1 | MSTG-RESILIENCE-5 | current | |
MASTG-TEST-0091 | Testing Reverse Engineering Tools Detection | MASVS-RESILIENCE-4 | MSTG-RESILIENCE-4 | current | |
MASTG-TEST-0093 | Testing Obfuscation | MASVS-RESILIENCE-3 | MSTG-RESILIENCE-9 | current | |
MASTG-TEST-0084 | Testing for Debugging Code and Verbose Error Logging | MASVS-RESILIENCE-3 | MSTG-CODE-4 | current | |
MASTG-TEST-0082 | Testing whether the App is Debuggable | MASVS-RESILIENCE-4 | MSTG-CODE-2 | current | |
MASTG-TEST-0089 | Testing Anti-Debugging Detection | MASVS-RESILIENCE-4 | MSTG-RESILIENCE-2 | current | |
MASTG-TEST-0088 | Testing Jailbreak Detection | MASVS-RESILIENCE-1 | MSTG-RESILIENCE-1 | current | |
MASTG-TEST-0063 | Testing Random Number Generation | MASVS-CRYPTO-1 | MSTG-CRYPTO-6 | current | |
MASTG-TEST-0061 | Verifying the Configuration of Cryptographic Standard Algorithms | MASVS-CRYPTO-1 | MSTG-CRYPTO-2 MSTG-CRYPTO-3 |
current | |
MASTG-TEST-0062 | Testing Key Management | MASVS-CRYPTO-2 | MSTG-CRYPTO-1 MSTG-CRYPTO-5 |
current | |
MASTG-TEST-0055 | Finding Sensitive Data in the Keyboard Cache | MASVS-STORAGE-2 | MSTG-STORAGE-5 | current | |
MASTG-TEST-0052 | Testing Local Data Storage | MASVS-STORAGE-1 | MSTG-STORAGE-1 MSTG-STORAGE-2 |
current | |
MASTG-TEST-0058 | Testing Backups for Sensitive Data | MASVS-STORAGE-2 | MSTG-STORAGE-8 | current | |
MASTG-TEST-0054 | Determining Whether Sensitive Data Is Shared with Third Parties | MASVS-STORAGE-2 | MSTG-STORAGE-4 | current | |
MASTG-TEST-0060 | Testing Memory for Sensitive Data | MASVS-STORAGE-2 | MSTG-STORAGE-10 | current | |
MASTG-TEST-0053 | Checking Logs for Sensitive Data | MASVS-STORAGE-2 | MSTG-STORAGE-3 | current | |
MASTG-TEST-0057 | Checking for Sensitive Data Disclosed Through the User Interface | MASVS-PLATFORM-3 | MSTG-STORAGE-7 | current | |
MASTG-TEST-0072 | Testing App Extensions | MASVS-PLATFORM-1 | MSTG-PLATFORM-4 | current | |
MASTG-TEST-0075 | Testing Custom URL Schemes | MASVS-PLATFORM-1 | MSTG-PLATFORM-3 | current | |
MASTG-TEST-0076 | Testing iOS WebViews | MASVS-PLATFORM-2 | MSTG-PLATFORM-5 | current | |
MASTG-TEST-0071 | Testing UIActivity Sharing | MASVS-PLATFORM-1 | MSTG-PLATFORM-4 | current | |
MASTG-TEST-0073 | Testing UIPasteboard | MASVS-PLATFORM-1 | MSTG-PLATFORM-4 | current | |
MASTG-TEST-0078 | Determining Whether Native Methods Are Exposed Through WebViews | MASVS-PLATFORM-2 | MSTG-PLATFORM-7 | current | |
MASTG-TEST-0077 | Testing WebView Protocol Handlers | MASVS-PLATFORM-2 | MSTG-PLATFORM-6 | current | |
MASTG-TEST-0070 | Testing Universal Links | MASVS-PLATFORM-1 | MSTG-PLATFORM-4 | current | |
MASTG-TEST-0069 | Testing App Permissions | MASVS-PLATFORM-1 | MSTG-PLATFORM-1 | current | |
MASTG-TEST-0056 | Determining Whether Sensitive Data Is Exposed via IPC Mechanisms | MASVS-PLATFORM-1 | MSTG-STORAGE-6 | current | |
MASTG-TEST-0059 | Testing Auto-Generated Screenshots for Sensitive Information | MASVS-PLATFORM-3 | MSTG-STORAGE-9 | current | |
MASTG-TEST-0066 | Testing the TLS Settings | MASVS-NETWORK-1 | MSTG-NETWORK-2 | current | |
MASTG-TEST-0067 | Testing Endpoint Identity Verification | MASVS-NETWORK-1 | MSTG-NETWORK-3 | current | |
MASTG-TEST-0065 | Testing Data Encryption on the Network | MASVS-NETWORK-1 | MSTG-NETWORK-1 | current | |
MASTG-TEST-0068 | Testing Custom Certificate Stores and Certificate Pinning | MASVS-NETWORK-2 | MSTG-NETWORK-4 | current | |
MASTG-TEST-0079 | Testing Object Persistence | MASVS-CODE-4 | MSTG-PLATFORM-8 | current | |
MASTG-TEST-0086 | Memory Corruption Bugs | MASVS-CODE-4 | MSTG-CODE-8 | current | |
MASTG-TEST-0080 | Testing Enforced Updating | MASVS-CODE-2 | MSTG-ARCH-9 | current | |
MASTG-TEST-0085 | Checking for Weaknesses in Third Party Libraries | MASVS-CODE-3 | MSTG-CODE-5 | current | |
MASTG-TEST-0087 | Make Sure That Free Security Features Are Activated | MASVS-CODE-4 | MSTG-CODE-9 | deprecated | |
MASTG-TEST-0017 | Testing Confirm Credentials | MASVS-AUTH-2 | MSTG-AUTH-1 MSTG-STORAGE-11 |
current | |
MASTG-TEST-0018 | Testing Biometric Authentication | MASVS-AUTH-2 | MSTG-AUTH-8 | current | |
MASTG-TEST-0046 | Testing Anti-Debugging Detection | MASVS-RESILIENCE-4 | MSTG-RESILIENCE-2 | current | |
MASTG-TEST-0050 | Testing Runtime Integrity Checks | MASVS-RESILIENCE-2 | MSTG-RESILIENCE-6 | current | |
MASTG-TEST-0040 | Testing for Debugging Symbols | MASVS-RESILIENCE-3 | MSTG-CODE-3 | current | |
MASTG-TEST-0041 | Testing for Debugging Code and Verbose Error Logging | MASVS-RESILIENCE-3 | MSTG-CODE-4 | current | |
MASTG-TEST-0051 | Testing Obfuscation | MASVS-RESILIENCE-3 | MSTG-RESILIENCE-9 | current | |
MASTG-TEST-0048 | Testing Reverse Engineering Tools Detection | MASVS-RESILIENCE-4 | MSTG-RESILIENCE-4 | current | |
MASTG-TEST-0049 | Testing Emulator Detection | MASVS-RESILIENCE-1 | MSTG-RESILIENCE-5 | current | |
MASTG-TEST-0039 | Testing whether the App is Debuggable | MASVS-RESILIENCE-4 | MSTG-CODE-2 | deprecated | |
MASTG-TEST-0045 | Testing Root Detection | MASVS-RESILIENCE-1 | MSTG-RESILIENCE-1 | current | |
MASTG-TEST-0047 | Testing File Integrity Checks | MASVS-RESILIENCE-2 | MSTG-RESILIENCE-3 | current | |
MASTG-TEST-0038 | Making Sure that the App is Properly Signed | MASVS-RESILIENCE-2 | MSTG-CODE-1 | deprecated | |
MASTG-TEST-0015 | Testing the Purposes of Keys | MASVS-CRYPTO-2 | MSTG-CRYPTO-5 | current | |
MASTG-TEST-0016 | Testing Random Number Generation | MASVS-CRYPTO-1 | MSTG-CRYPTO-6 | current | |
MASTG-TEST-0014 | Testing the Configuration of Cryptographic Standard Algorithms | MASVS-CRYPTO-1 | MSTG-CRYPTO-2 MSTG-CRYPTO-3 MSTG-CRYPTO-4 |
current | |
MASTG-TEST-0013 | Testing Symmetric Cryptography | MASVS-CRYPTO-1 | MSTG-CRYPTO-1 | deprecated | |
MASTG-TEST-0012 | Testing the Device-Access-Security Policy | MASVS-STORAGE-1 | MSTG-STORAGE-11 | current | |
MASTG-TEST-0005 | Determining Whether Sensitive Data Is Shared with Third Parties via Notifications | MASVS-STORAGE-2 | MSTG-STORAGE-4 | current | |
MASTG-TEST-0003 | Testing Logs for Sensitive Data | MASVS-STORAGE-2 | MSTG-STORAGE-3 | deprecated | |
MASTG-TEST-0004 | Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services | MASVS-STORAGE-2 | MSTG-STORAGE-4 | current | |
MASTG-TEST-0009 | Testing Backups for Sensitive Data | MASVS-STORAGE-2 | MSTG-STORAGE-8 | current | |
MASTG-TEST-0011 | Testing Memory for Sensitive Data | MASVS-STORAGE-2 | MSTG-STORAGE-10 | current | |
MASTG-TEST-0006 | Determining Whether the Keyboard Cache Is Disabled for Text Input Fields | MASVS-STORAGE-2 | MSTG-STORAGE-5 | current | |
MASTG-TEST-0001 | Testing Local Storage for Sensitive Data | MASVS-STORAGE-1 | MSTG-STORAGE-1 MSTG-STORAGE-2 |
deprecated | |
MASTG-TEST-0010 | Finding Sensitive Information in Auto-Generated Screenshots | MASVS-PLATFORM-3 | MSTG-STORAGE-9 | current | |
MASTG-TEST-0028 | Testing Deep Links | MASVS-PLATFORM-1 | MSTG-PLATFORM-3 | current | |
MASTG-TEST-0031 | Testing JavaScript Execution in WebViews | MASVS-PLATFORM-2 | MSTG-PLATFORM-5 | current | |
MASTG-TEST-0032 | Testing WebView Protocol Handlers | MASVS-PLATFORM-2 | MSTG-PLATFORM-6 | current | |
MASTG-TEST-0030 | Testing for Vulnerable Implementation of PendingIntent | MASVS-PLATFORM-1 | MSTG-PLATFORM-4 | current | |
MASTG-TEST-0037 | Testing WebViews Cleanup | MASVS-PLATFORM-2 | MSTG-PLATFORM-10 | current | |
MASTG-TEST-0029 | Testing for Sensitive Functionality Exposure Through IPC | MASVS-PLATFORM-1 | MSTG-PLATFORM-4 | current | |
MASTG-TEST-0035 | Testing for Overlay Attacks | MASVS-PLATFORM-3 | MSTG-PLATFORM-9 | current | |
MASTG-TEST-0008 | Checking for Sensitive Data Disclosure Through the User Interface | MASVS-PLATFORM-3 | MSTG-STORAGE-7 | current | |
MASTG-TEST-0033 | Testing for Java Objects Exposed Through WebViews | MASVS-PLATFORM-2 | MSTG-PLATFORM-7 | current | |
MASTG-TEST-0024 | Testing for App Permissions | MASVS-PLATFORM-1 | MSTG-PLATFORM-1 | current | |
MASTG-TEST-0007 | Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms | MASVS-PLATFORM-1 | MSTG-STORAGE-6 | current | |
MASTG-TEST-0023 | Testing the Security Provider | MASVS-NETWORK-1 | MSTG-NETWORK-6 | current | |
MASTG-TEST-0020 | Testing the TLS Settings | MASVS-NETWORK-1 | MSTG-NETWORK-2 | deprecated | |
MASTG-TEST-0019 | Testing Data Encryption on the Network | MASVS-NETWORK-1 | MSTG-NETWORK-1 | deprecated | |
MASTG-TEST-0021 | Testing Endpoint Identify Verification | MASVS-NETWORK-1 | MSTG-NETWORK-3 | current | |
MASTG-TEST-0022 | Testing Custom Certificate Stores and Certificate Pinning | MASVS-NETWORK-2 | MSTG-NETWORK-4 | current | |
MASTG-TEST-0025 | Testing for Injection Flaws | MASVS-CODE-4 | MSTG-PLATFORM-2 | current | |
MASTG-TEST-0034 | Testing Object Persistence | MASVS-CODE-4 | MSTG-PLATFORM-8 | current | |
MASTG-TEST-0043 | Memory Corruption Bugs | MASVS-CODE-4 | MSTG-CODE-8 | current | |
MASTG-TEST-0042 | Checking for Weaknesses in Third Party Libraries | MASVS-CODE-3 | MSTG-CODE-5 | current | |
MASTG-TEST-0002 | Testing Local Storage for Input Validation | MASVS-CODE-4 | MSTG-PLATFORM-2 | current | |
MASTG-TEST-0026 | Testing Implicit Intents | MASVS-CODE-4 | MSTG-PLATFORM-2 | current | |
MASTG-TEST-0027 | Testing for URL Loading in WebViews | MASVS-CODE-4 | MSTG-PLATFORM-2 | current | |
MASTG-TEST-0044 | Make Sure That Free Security Features Are Activated | MASVS-CODE-4 | MSTG-CODE-9 | deprecated | |
MASTG-TEST-0036 | Testing Enforced Updating | MASVS-CODE-2 | MSTG-ARCH-9 | current |