Mobile App Security Verification Standard Update
Version 0.9.4 of the MASVS is now available for download. This release contains several bug fixes and modifications to security requirements.
2017¶
Sponsorship Packages Announced
We are happy to announce that a limited amount of sponsorship packages will be made available shortly through our crowdfunding campaign. With these packages, we offer companies opportunities to create brand awareness and maximize visibility in the mobile security space. 100% of the funds raised go directly into the project budget and will be used to fund production of the final release.
The OWASP Mobile Security Testing Guide - Summit Preview
The MSTG Summit Preview is an experimental proof-of-concept book created on the OWASP Summit 2017 in London. The goal was to improve the authoring process and book deployment pipeline, as well as to demonstrate the viability of the project. Note that the content is not final and will likely change significantly in subsequent releases.
Mobile Security Testing Workshop on the OWASP Summit 2017
The OWASP MSTG team is organizing a 5-days mobile security track on the OWASP Summit 2017. The track consists of a series of book sprints, each of which focuses on producing content for a specific section in the OWASP MSTG, as well as proof-reading and editing the existing content. The goal is to make as much progress on the guide as is humanly possible. Depending on the number of participants, we’ll split into sub-groups to work on different subsections or topic areas.
Mobile App Security Verification Standard Update
Version 0.9.3 of the MASVS is now available for download. This release contains several bug fixes and modifications to security requirements:
- Merged requirements 7.8 and 7.9 into for simplification
- Removed Anti-RE controls 8.1 and 8.2
- Updated MSTG links to current master
- Section "Environmental Interaction" renamed to "Platform Interaction"
- Removed To-dos
- Fixed some wording & spelling issues
Mobile App Security Verification Standard v0.9.2 Available For Download
The Mobile App Security Verification Standard (MASVS) has undergone a major revision, including a re-design of the security model and verification levels. We also revised many security requirements to address the multitude of issues raised on GitHub. The result is MASVS v0.9.2, which is now available for download in PDF format.
Mobile Crackmes and Reversing Tutorials
A key goal of the OWASP Mobile Testing Project is to build the ultimate learning resource and reference guide for mobile app reversers. As hands-on hacking is by far the best way to learn, we'd like to link most of the content to practical examples.
Starting now, we'll be adding crackmes for Android and iOS to the GitHub repo that will then be used as examples throughout the guide. The goal is to collect enough resources for demonstrating the most important tools and techniques in our guide, plus additional crackmes for practicing.
Mobile Testing Guide TOC Available
As of now, we'll be auto-generating a table of contents out of the current MSTG master branch. This reflects the current state of the guide, and should make it easier to coordinate work between authors. A short-term goal is to finalize the structure of the guide so we get a clearer picture of what will be included in the final document. Lead authors are encouraged to complete the outline of their respective chapters.