MASVS-CODE

Temporary Checklist

This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming version of the MASTG we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests", and assign the new MAS profiles to their respective MASWE weaknesses.

| MASVS-ID | Platform | Control / MASTG Test | L1 | L2 | R |
|---|---|---|---|---|---|
| MASVS-CODE-1 | | The app requires an up-to-date platform version. | | | |
| MASVS-CODE-2 | | The app has a mechanism for enforcing app updates. | | | |
| | platform:android | Testing Enforced Updating | | profile:L2 | |
| | platform:ios | Testing Enforced Updating | | profile:L2 | |
| MASVS-CODE-3 | | The app only uses software components without known vulnerabilities. | | | |
| | platform:android | Checking for Weaknesses in Third Party Libraries | profile:L1 | profile:L2 | |
| | platform:ios | Checking for Weaknesses in Third Party Libraries | profile:L1 | profile:L2 | |
| MASVS-CODE-4 | | The app validates and sanitizes all untrusted inputs. | | | |
| | platform:android | Testing for URL Loading in WebViews | profile:L1 | profile:L2 | |
| | platform:android | Testing Local Storage for Input Validation | profile:L1 | profile:L2 | |
| | platform:android | Memory Corruption Bugs | profile:L1 | profile:L2 | |
| | platform:android | Make Sure That Free Security Features Are Activated | profile:L1 | profile:L2 | |
| | platform:android | Testing Implicit Intents | profile:L1 | profile:L2 | |
| | platform:android | Testing for Injection Flaws | profile:L1 | profile:L2 | |
| | platform:android | Testing Object Persistence | profile:L1 | profile:L2 | |
| | platform:ios | Testing Object Persistence | profile:L1 | profile:L2 | |
| | platform:ios | Memory Corruption Bugs | profile:L1 | profile:L2 | |
| | platform:ios | Make Sure That Free Security Features Are Activated | profile:L1 | profile:L2 | |