Blog¶

August 23, 2022
1 min read

Project Rebranding to OWASP MAS

Until now our project was called the "OWASP Mobile Security Testing Guide (MSTG)" project. Unfortunately, this was a source of confusion since we happen to have a resource with the same name, the OWASP MSTG. Not only that, that name doesn't reflect the full scope and reach of our project. Have you ever wondered why the MSTG is called MSTG and not MASTG? Both documents are about Mobile Application Security and we'd like to make that clear.

Today we are rebranding our project to "OWASP Mobile App Security (MAS)".

February 7, 2022
1 min read

NIST 800-218 - Recommendations for Mitigating the Risk of Software Vulnerabilities

We're happy to share the new NIST 800-218 (Feb 2022) mapping to the latest MASVS v1.4.2 (Jan 2022) especially MASVS-ARCH and MASVS-CODE:

"Secure Software Development Framework (SSDF) v1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities"

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218.pdf

November 17, 2021
2 min read

From Slack to GitHub Discussions

Hello everyone,

times change, our project evolves and being able to hear you and discuss with you all is key for the OWASP MSTG project.

TL;DR: we deprecate Slack in favor of GitHub Discussions as our primary communication channel.

https://github.com/OWASP/owasp-mastg/discussions/ https://github.com/OWASP/owasp-masvs/discussions/

May 23, 2020
1 min read

New build system and release upcoming!

As already shared during the virtual Dutch Chapter meetup: we are going to release a new version of the MSTG soon. We have been quite busy with moving it to the new build system first as the document got too large for our old tooling. This is a great incentive as well to think of how we can make the guide more focused so that the size does not matter ;-)

More news on the new release will follow soon...

April 10, 2020
2 min read

Hi everybody,

we are all in more or less restrictive lock-down situations, but the guideline is always #StayHome. This is definitely a challenging time for you, but also us. But luckily it was also never easier to collaborate and share, through so many different tools and platforms.

March 17, 2020
2 min read

International release of MASVS 1.2

A new version of the OWASP Mobile Application Security Standard (MASVS) was released! The MASVS establishes baseline security requirements for mobile apps and summarizes them in one standard. With this new release we achieved a significant alignment and coverage with existing mobile security documents from ENISA, older NIST documents, OWASP Mobile top 10, and others. The new version 1.2 is available in Github Releases: https://github.com/OWASP/owasp-masvs/releases/tag/v1.2. For more details please look into our Release Notes for Version 1.2 and Version 1.2-RC https://github.com/OWASP/owasp-mastg/releases/tag/v1.2.

October 4, 2019
1 min read

Pre-release of MASVS 1.2

We have a pre-release of MASVS Version 1.2. This will be the reference document for further translations.

October 2, 2019
1 min read

MSTG Playground Release

Want more training apps? We hear you! We just released the MSTG-Android-Java & MSTG-Android-Kotlin for Android and the MSTG-JWT app for iOS. Come and check it out at the release page! With special thanks to Sven Schleier (@sushi2k), Wen Bin Kong (@kongwenbin), Nikhil Soni (@nikhil), and Ryan Teoh (@ryantzj).

October 2, 2019
1 min read

MSTG Project joins Hacktoberfest

We are joining the #hacktoberfest October 2-31. Check out our issues at Github. Register at https://hacktoberfest.digitalocean.com.

September 17, 2019
1 min read

Xamarin Experiment

We have launched a react-native experiment based on our compliance checklist. Want to teach others how to validate React Native apps against the MASVS? Check this Google sheet!