MASVS-CRYPTO
Temporary Checklist
This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.
For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles to their respective MASWE weaknesses.
| MASVS-ID | Platform | Control / MASTG Test | L1 | L2 | R |
|---|---|---|---|---|---|
| MASVS-CRYPTO-1 | The app employs current strong cryptography and uses it according to industry best practices. | ||||
| Testing Random Number Generation | |||||
| Testing the Configuration of Cryptographic Standard Algorithms | |||||
| Testing Symmetric Cryptography | |||||
| Testing Random Number Generation | |||||
| Verifying the Configuration of Cryptographic Standard Algorithms | |||||
| MASVS-CRYPTO-2 | The app performs key management according to industry best practices. | ||||
| Testing the Purposes of Keys | |||||
| Testing Key Management |