MASTG Tests (v1)

ID Title Platform MASVS v2 ID MASVS v1 IDs Status
MASTG-TEST-0064 Testing Local Authentication platform:ios MASVS-AUTH-2 MSTG-AUTH-8
MSTG-STORAGE-11
current
MASTG-TEST-0081 Making Sure that the App Is Properly Signed platform:ios MASVS-RESILIENCE-2 MSTG-CODE-1 deprecated
MASTG-TEST-0090 Testing File Integrity Checks platform:ios MASVS-RESILIENCE-2 MSTG-RESILIENCE-3
MSTG-RESILIENCE-11
current
MASTG-TEST-0083 Testing for Debugging Symbols platform:ios MASVS-RESILIENCE-3 MSTG-CODE-3 deprecated
MASTG-TEST-0092 Testing Emulator Detection platform:ios MASVS-RESILIENCE-1 MSTG-RESILIENCE-5 current
MASTG-TEST-0091 Testing Reverse Engineering Tools Detection platform:ios MASVS-RESILIENCE-4 MSTG-RESILIENCE-4 current
MASTG-TEST-0093 Testing Obfuscation platform:ios MASVS-RESILIENCE-3 MSTG-RESILIENCE-9 current
MASTG-TEST-0084 Testing for Debugging Code and Verbose Error Logging platform:ios MASVS-RESILIENCE-3 MSTG-CODE-4 current
MASTG-TEST-0082 Testing whether the App is Debuggable platform:ios MASVS-RESILIENCE-4 MSTG-CODE-2 current
MASTG-TEST-0089 Testing Anti-Debugging Detection platform:ios MASVS-RESILIENCE-4 MSTG-RESILIENCE-2 current
MASTG-TEST-0088 Testing Jailbreak Detection platform:ios MASVS-RESILIENCE-1 MSTG-RESILIENCE-1 current
MASTG-TEST-0063 Testing Random Number Generation platform:ios MASVS-CRYPTO-1 MSTG-CRYPTO-6 current
MASTG-TEST-0061 Verifying the Configuration of Cryptographic Standard Algorithms platform:ios MASVS-CRYPTO-1 MSTG-CRYPTO-2
MSTG-CRYPTO-3
current
MASTG-TEST-0062 Testing Key Management platform:ios MASVS-CRYPTO-2 MSTG-CRYPTO-1
MSTG-CRYPTO-5
current
MASTG-TEST-0055 Finding Sensitive Data in the Keyboard Cache platform:ios MASVS-STORAGE-2 MSTG-STORAGE-5 current
MASTG-TEST-0052 Testing Local Data Storage platform:ios MASVS-STORAGE-1 MSTG-STORAGE-1
MSTG-STORAGE-2
current
MASTG-TEST-0058 Testing Backups for Sensitive Data platform:ios MASVS-STORAGE-2 MSTG-STORAGE-8 current
MASTG-TEST-0054 Determining Whether Sensitive Data Is Shared with Third Parties platform:ios MASVS-STORAGE-2 MSTG-STORAGE-4 current
MASTG-TEST-0060 Testing Memory for Sensitive Data platform:ios MASVS-STORAGE-2 MSTG-STORAGE-10 current
MASTG-TEST-0053 Checking Logs for Sensitive Data platform:ios MASVS-STORAGE-2 MSTG-STORAGE-3 current
MASTG-TEST-0057 Checking for Sensitive Data Disclosed Through the User Interface platform:ios MASVS-PLATFORM-3 MSTG-STORAGE-7 current
MASTG-TEST-0072 Testing App Extensions platform:ios MASVS-PLATFORM-1 MSTG-PLATFORM-4 current
MASTG-TEST-0075 Testing Custom URL Schemes platform:ios MASVS-PLATFORM-1 MSTG-PLATFORM-3 current
MASTG-TEST-0076 Testing iOS WebViews platform:ios MASVS-PLATFORM-2 MSTG-PLATFORM-5 current
MASTG-TEST-0071 Testing UIActivity Sharing platform:ios MASVS-PLATFORM-1 MSTG-PLATFORM-4 current
MASTG-TEST-0073 Testing UIPasteboard platform:ios MASVS-PLATFORM-1 MSTG-PLATFORM-4 current
MASTG-TEST-0078 Determining Whether Native Methods Are Exposed Through WebViews platform:ios MASVS-PLATFORM-2 MSTG-PLATFORM-7 current
MASTG-TEST-0077 Testing WebView Protocol Handlers platform:ios MASVS-PLATFORM-2 MSTG-PLATFORM-6 current
MASTG-TEST-0070 Testing Universal Links platform:ios MASVS-PLATFORM-1 MSTG-PLATFORM-4 current
MASTG-TEST-0069 Testing App Permissions platform:ios MASVS-PLATFORM-1 MSTG-PLATFORM-1 current
MASTG-TEST-0056 Determining Whether Sensitive Data Is Exposed via IPC Mechanisms platform:ios MASVS-PLATFORM-1 MSTG-STORAGE-6 current
MASTG-TEST-0059 Testing Auto-Generated Screenshots for Sensitive Information platform:ios MASVS-PLATFORM-3 MSTG-STORAGE-9 current
MASTG-TEST-0066 Testing the TLS Settings platform:ios MASVS-NETWORK-1 MSTG-NETWORK-2 current
MASTG-TEST-0067 Testing Endpoint Identity Verification platform:ios MASVS-NETWORK-1 MSTG-NETWORK-3 current
MASTG-TEST-0065 Testing Data Encryption on the Network platform:ios MASVS-NETWORK-1 MSTG-NETWORK-1 current
MASTG-TEST-0068 Testing Custom Certificate Stores and Certificate Pinning platform:ios MASVS-NETWORK-2 MSTG-NETWORK-4 current
MASTG-TEST-0079 Testing Object Persistence platform:ios MASVS-CODE-4 MSTG-PLATFORM-8 current
MASTG-TEST-0086 Memory Corruption Bugs platform:ios MASVS-CODE-4 MSTG-CODE-8 current
MASTG-TEST-0080 Testing Enforced Updating platform:ios MASVS-CODE-2 MSTG-ARCH-9 current
MASTG-TEST-0085 Checking for Weaknesses in Third Party Libraries platform:ios MASVS-CODE-3 MSTG-CODE-5 current
MASTG-TEST-0087 Make Sure That Free Security Features Are Activated platform:ios MASVS-CODE-4 MSTG-CODE-9 deprecated
MASTG-TEST-0017 Testing Confirm Credentials platform:android MASVS-AUTH-2 MSTG-AUTH-1
MSTG-STORAGE-11
current
MASTG-TEST-0018 Testing Biometric Authentication platform:android MASVS-AUTH-2 MSTG-AUTH-8 current
MASTG-TEST-0046 Testing Anti-Debugging Detection platform:android MASVS-RESILIENCE-4 MSTG-RESILIENCE-2 current
MASTG-TEST-0050 Testing Runtime Integrity Checks platform:android MASVS-RESILIENCE-2 MSTG-RESILIENCE-6 current
MASTG-TEST-0040 Testing for Debugging Symbols platform:android MASVS-RESILIENCE-3 MSTG-CODE-3 current
MASTG-TEST-0041 Testing for Debugging Code and Verbose Error Logging platform:android MASVS-RESILIENCE-3 MSTG-CODE-4 current
MASTG-TEST-0051 Testing Obfuscation platform:android MASVS-RESILIENCE-3 MSTG-RESILIENCE-9 current
MASTG-TEST-0048 Testing Reverse Engineering Tools Detection platform:android MASVS-RESILIENCE-4 MSTG-RESILIENCE-4 current
MASTG-TEST-0049 Testing Emulator Detection platform:android MASVS-RESILIENCE-1 MSTG-RESILIENCE-5 current
MASTG-TEST-0039 Testing whether the App is Debuggable platform:android MASVS-RESILIENCE-4 MSTG-CODE-2 deprecated
MASTG-TEST-0045 Testing Root Detection platform:android MASVS-RESILIENCE-1 MSTG-RESILIENCE-1 current
MASTG-TEST-0047 Testing File Integrity Checks platform:android MASVS-RESILIENCE-2 MSTG-RESILIENCE-3 current
MASTG-TEST-0038 Making Sure that the App is Properly Signed platform:android MASVS-RESILIENCE-2 MSTG-CODE-1 deprecated
MASTG-TEST-0015 Testing the Purposes of Keys platform:android MASVS-CRYPTO-2 MSTG-CRYPTO-5 current
MASTG-TEST-0016 Testing Random Number Generation platform:android MASVS-CRYPTO-1 MSTG-CRYPTO-6 current
MASTG-TEST-0014 Testing the Configuration of Cryptographic Standard Algorithms platform:android MASVS-CRYPTO-1 MSTG-CRYPTO-2
MSTG-CRYPTO-3
MSTG-CRYPTO-4
current
MASTG-TEST-0013 Testing Symmetric Cryptography platform:android MASVS-CRYPTO-1 MSTG-CRYPTO-1 deprecated
MASTG-TEST-0012 Testing the Device-Access-Security Policy platform:android MASVS-STORAGE-1 MSTG-STORAGE-11 current
MASTG-TEST-0005 Determining Whether Sensitive Data Is Shared with Third Parties via Notifications platform:android MASVS-STORAGE-2 MSTG-STORAGE-4 current
MASTG-TEST-0003 Testing Logs for Sensitive Data platform:android MASVS-STORAGE-2 MSTG-STORAGE-3 deprecated
MASTG-TEST-0004 Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services platform:android MASVS-STORAGE-2 MSTG-STORAGE-4 current
MASTG-TEST-0009 Testing Backups for Sensitive Data platform:android MASVS-STORAGE-2 MSTG-STORAGE-8 current
MASTG-TEST-0011 Testing Memory for Sensitive Data platform:android MASVS-STORAGE-2 MSTG-STORAGE-10 current
MASTG-TEST-0006 Determining Whether the Keyboard Cache Is Disabled for Text Input Fields platform:android MASVS-STORAGE-2 MSTG-STORAGE-5 current
MASTG-TEST-0001 Testing Local Storage for Sensitive Data platform:android MASVS-STORAGE-1 MSTG-STORAGE-1
MSTG-STORAGE-2
deprecated
MASTG-TEST-0010 Finding Sensitive Information in Auto-Generated Screenshots platform:android MASVS-PLATFORM-3 MSTG-STORAGE-9 current
MASTG-TEST-0028 Testing Deep Links platform:android MASVS-PLATFORM-1 MSTG-PLATFORM-3 current
MASTG-TEST-0031 Testing JavaScript Execution in WebViews platform:android MASVS-PLATFORM-2 MSTG-PLATFORM-5 current
MASTG-TEST-0032 Testing WebView Protocol Handlers platform:android MASVS-PLATFORM-2 MSTG-PLATFORM-6 current
MASTG-TEST-0030 Testing for Vulnerable Implementation of PendingIntent platform:android MASVS-PLATFORM-1 MSTG-PLATFORM-4 current
MASTG-TEST-0037 Testing WebViews Cleanup platform:android MASVS-PLATFORM-2 MSTG-PLATFORM-10 current
MASTG-TEST-0029 Testing for Sensitive Functionality Exposure Through IPC platform:android MASVS-PLATFORM-1 MSTG-PLATFORM-4 current
MASTG-TEST-0035 Testing for Overlay Attacks platform:android MASVS-PLATFORM-3 MSTG-PLATFORM-9 current
MASTG-TEST-0008 Checking for Sensitive Data Disclosure Through the User Interface platform:android MASVS-PLATFORM-3 MSTG-STORAGE-7 current
MASTG-TEST-0033 Testing for Java Objects Exposed Through WebViews platform:android MASVS-PLATFORM-2 MSTG-PLATFORM-7 current
MASTG-TEST-0024 Testing for App Permissions platform:android MASVS-PLATFORM-1 MSTG-PLATFORM-1 current
MASTG-TEST-0007 Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms platform:android MASVS-PLATFORM-1 MSTG-STORAGE-6 current
MASTG-TEST-0023 Testing the Security Provider platform:android MASVS-NETWORK-1 MSTG-NETWORK-6 current
MASTG-TEST-0020 Testing the TLS Settings platform:android MASVS-NETWORK-1 MSTG-NETWORK-2 deprecated
MASTG-TEST-0019 Testing Data Encryption on the Network platform:android MASVS-NETWORK-1 MSTG-NETWORK-1 deprecated
MASTG-TEST-0021 Testing Endpoint Identify Verification platform:android MASVS-NETWORK-1 MSTG-NETWORK-3 current
MASTG-TEST-0022 Testing Custom Certificate Stores and Certificate Pinning platform:android MASVS-NETWORK-2 MSTG-NETWORK-4 current
MASTG-TEST-0025 Testing for Injection Flaws platform:android MASVS-CODE-4 MSTG-PLATFORM-2 current
MASTG-TEST-0034 Testing Object Persistence platform:android MASVS-CODE-4 MSTG-PLATFORM-8 current
MASTG-TEST-0043 Memory Corruption Bugs platform:android MASVS-CODE-4 MSTG-CODE-8 current
MASTG-TEST-0042 Checking for Weaknesses in Third Party Libraries platform:android MASVS-CODE-3 MSTG-CODE-5 current
MASTG-TEST-0002 Testing Local Storage for Input Validation platform:android MASVS-CODE-4 MSTG-PLATFORM-2 current
MASTG-TEST-0026 Testing Implicit Intents platform:android MASVS-CODE-4 MSTG-PLATFORM-2 current
MASTG-TEST-0027 Testing for URL Loading in WebViews platform:android MASVS-CODE-4 MSTG-PLATFORM-2 current
MASTG-TEST-0044 Make Sure That Free Security Features Are Activated platform:android MASVS-CODE-4 MSTG-CODE-9 deprecated
MASTG-TEST-0036 Testing Enforced Updating platform:android MASVS-CODE-2 MSTG-ARCH-9 current