MASTG Refactor Part 2 - Techniques, Tools & Reference Apps

We are thrilled to announce the second phase of the MASTG (Mobile Application Security Testing Guide) refactor. These changes aim to enhance the usability and accessibility of the MASTG.

The primary focus of this new refactor is the reorganization of the MASTG content into different components, each housed in its dedicated section/folder and existing now as individual pages in our website (markdown files with metadata/frontmatter in GitHub):

• Tests:

  • Website: Tests section.
  • GitHub: tests/ folder.
  • Identified by IDs in the format MASTG-TEST-XXXX.
  • Includes all tests originally in:
    • 0x05d/0x06d-Testing-Data-Storage.md
    • 0x05e/0x06e-Testing-Cryptography.md
    • 0x05f/0x06f-Testing-Local-Authentication.md
    • 0x05g/0x06g-Testing-Network-Communication.md
    • 0x05h/0x06h-Testing-Platform-Interaction.md
    • 0x05i/0x06i-Testing-Code-Quality-and-Build-Settings.md
    • 0x05j/0x06j-Testing-Resiliency-Against-Reverse-Engineering.md
  • IMPORTANT (TODO): These tests are still the original MASTG v1.6.0 tests. We will progressively split them into smaller tests, the so-called "atomic tests" in MASTG v2 and assign the new MAS profiles accordingly.

• Techniques:

  • Website: Techniques section.
  • GitHub: techniques/ folder.
  • Identified by IDs in the format MASTG-TECH-XXXX.
  • Includes all techniques originally in:
    • 0x05b/0x06b-Basic-Security_Testing.md
    • 0x05c/0x06c-Reverse-Engineering-and-Tampering.md

• Tools:

  • Website: Tools section.
  • GitHub: tools/ folder.
  • Identified by IDs in the format MASTG-TOOL-XXXX.
  • Includes all tools from:
    • 0x08a-Testing-Tools.md

• Apps:

  • Website: Apps section.
  • GitHub: apps/ folder.
  • Identified by IDs in the format MASTG-APP-XXXX.
  • Includes all apps from:
    • 0x08b-Reference-Apps.md

We hope that the revamped structure enables you to navigate the MASTG more efficiently and access the information you need with ease.