MASVS-CODE
Temporary Checklist
This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.
For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles to their respective MASWE weaknesses.
| MASVS-ID | Platform | Control / MASTG Test | L1 | L2 | R |
|---|---|---|---|---|---|
| MASVS-CODE-1 | The app requires an up-to-date platform version. | ||||
| MASVS-CODE-2 | The app has a mechanism for enforcing app updates. | ||||
| Testing Enforced Updating | |||||
| Testing Enforced Updating | |||||
| MASVS-CODE-3 | The app only uses software components without known vulnerabilities. | ||||
| Checking for Weaknesses in Third Party Libraries | |||||
| Checking for Weaknesses in Third Party Libraries | |||||
| MASVS-CODE-4 | The app validates and sanitizes all untrusted inputs. | ||||
| Testing for Injection Flaws | |||||
| Testing Object Persistence | |||||
| Memory Corruption Bugs | |||||
| Testing Local Storage for Input Validation | |||||
| Testing Implicit Intents | |||||
| Testing for URL Loading in WebViews | |||||
| Make Sure That Free Security Features Are Activated | |||||
| Testing Object Persistence | |||||
| Memory Corruption Bugs | |||||
| Make Sure That Free Security Features Are Activated |