Jeroen Willemsen joins as project lead
Jeroen Willemsen has joined as a project leader for the OMTG project.
Blog¶
Mobile Security Testing Guide - Release 1.0
The Mobile Security Testing Guide is now available for download in various formats. This is the first release of the MSTG and is a great community effort. We want to thank all contributors through this great journey. Thank you!
Mobile App Security Verification Standard Release 1.0
Version 1.0 of the MASVS is now available for download. This release contains several bug fixes and modifications to security requirements and is our first release.
Mobile App Security Verification Standard Update
Version 0.9.4 of the MASVS is now available for download. This release contains several bug fixes and modifications to security requirements.
Sponsorship Packages Announced
We are happy to announce that a limited amount of sponsorship packages will be made available shortly through our crowdfunding campaign. With these packages, we offer companies opportunities to create brand awareness and maximize visibility in the mobile security space. 100% of the funds raised go directly into the project budget and will be used to fund production of the final release.
The OWASP Mobile Security Testing Guide - Summit Preview
The MSTG Summit Preview is an experimental proof-of-concept book created on the OWASP Summit 2017 in London. The goal was to improve the authoring process and book deployment pipeline, as well as to demonstrate the viability of the project. Note that the content is not final and will likely change significantly in subsequent releases.
Mobile Security Testing Workshop on the OWASP Summit 2017
The OWASP MSTG team is organizing a 5-days mobile security track on the OWASP Summit 2017. The track consists of a series of book sprints, each of which focuses on producing content for a specific section in the OWASP MSTG, as well as proof-reading and editing the existing content. The goal is to make as much progress on the guide as is humanly possible. Depending on the number of participants, we’ll split into sub-groups to work on different subsections or topic areas.
Mobile App Security Verification Standard Update
Version 0.9.3 of the MASVS is now available for download. This release contains several bug fixes and modifications to security requirements:
- Merged requirements 7.8 and 7.9 into for simplification
- Removed Anti-RE controls 8.1 and 8.2
- Updated MSTG links to current master
- Section "Environmental Interaction" renamed to "Platform Interaction"
- Removed To-dos
- Fixed some wording & spelling issues
Mobile App Security Verification Standard v0.9.2 Available For Download
The Mobile App Security Verification Standard (MASVS) has undergone a major revision, including a re-design of the security model and verification levels. We also revised many security requirements to address the multitude of issues raised on GitHub. The result is MASVS v0.9.2, which is now available for download in PDF format.
Mobile Crackmes and Reversing Tutorials
A key goal of the OWASP Mobile Testing Project is to build the ultimate learning resource and reference guide for mobile app reversers. As hands-on hacking is by far the best way to learn, we'd like to link most of the content to practical examples.
Starting now, we'll be adding crackmes for Android and iOS to the GitHub repo that will then be used as examples throughout the guide. The goal is to collect enough resources for demonstrating the most important tools and techniques in our guide, plus additional crackmes for practicing.