MASVS NETWORK

Temporary Checklist

This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles to their respective MASWE weaknesses.

MASVS-ID Platform Control / MASTG Test L1 L2 R
MASVS-NETWORK-1 The app secures all network traffic according to the current best practices.
platform:android Testing Endpoint Identify Verification profile:L1 profile:L2
platform:android Testing Data Encryption on the Network profile:L1 profile:L2
platform:android Testing the Security Provider profile:L2
platform:android Testing the TLS Settings profile:L1 profile:L2
platform:ios Testing the TLS Settings profile:L1 profile:L2
platform:ios Testing Data Encryption on the Network profile:L1 profile:L2
platform:ios Testing Endpoint Identity Verification profile:L1 profile:L2
MASVS-NETWORK-2 The app performs identity pinning for all remote endpoints under the developer's control.
platform:android Testing Custom Certificate Stores and Certificate Pinning profile:L2
platform:ios Testing Custom Certificate Stores and Certificate Pinning profile:L2