New MASTG Tests (Beta)

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

About the MASTG Tests

The MASTG "Atomic Tests" are a new addition to the MAS project. They are a collection of small, individual tests that can be used to assess the security and privacy of a mobile application. Each test is designed to be simple and focused on a single issue. The goal is to make it easier for developers and security professionals to identify and fix issues in their mobile applications.

Tests are organized into categories based on the OWASP MASVS and have a weakness assigned from the OWASP MASWE.

Each test includes:

  • Overview: A brief description of the test.
  • Steps: A set of steps to follow to identify the weakness in a mobile application.
  • Observation: A description of the results of running the test against an application.
  • Evaluation: Specific instructions for evaluating the results of the test.

Each test comes with a collection of demos that demonstrate the weakness in a sample application. These demos are written in markdown and are located in the Demos section of the MASTG.

ID Title Platform Weakness Type
MASTG-TEST-0206 Sensitive Data in Network Traffic Capture platform:android MASWE-0108 ['dynamic', 'network']
MASTG-TEST-0205 Non-random Sources Usage platform:android MASWE-0027 ['static']
MASTG-TEST-0204 Insecure Random API Usage platform:android MASWE-0027 ['static']
MASTG-TEST-0200 Files Written to External Storage platform:android MASWE-0007 ['dynamic']
MASTG-TEST-0202 References to APIs and Permissions for Accessing External Storage platform:android MASWE-0007 ['static']
MASTG-TEST-0203 Leakage of Sensitive Data via Logging APIs platform:android MASWE-0001 ['dynamic']
MASTG-TEST-0201 Runtime Use of APIs to Access External Storage platform:android MASWE-0007 ['dynamic']
MASTG-TEST-0207 Data Stored in the App Sandbox at Runtime platform:android MASWE-0006 ['dynamic', 'filesystem']