layout | title | tags | level | url | type | pitch |
---|---|---|---|---|---|---|
col-sidebar | OWASP Mobile Security Testing Guide | mstg | 4 | | documentation | The OWASP Mobile Security Testing Guide project consists of a series of documents that establish a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. |
We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.
The MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers with the following content:
- Mobile platform internals
- Security testing in the mobile app development lifecycle
- Basic static and dynamic security testing
- Mobile app reverse engineering and tampering
- Assessing software protections
- Detailed test cases that map to the requirements in the MASVS.
You can contribute and comment in the GitHub Repo. An online book version of the current master branch is available on Gitbook.
Feel free to download the EPUB or Mobi for $0 or contribute any amount you like. All funds raised through sales of this book go directly into the project budget and will be used for technical editing and designing the book and to fund production of future releases.
The OWASP Mobile Application Security Verification Standard (MASVS) is, as the name implies, a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results.
You can contribute and comment in the GitHub Repo. An online book version of the current master branch is available on Gitbook.
We now have versions in the following languages:
- Chinese (traditional)
- Chinese (simplified)
- English
- French
- German
- Japanese
- Korean
- Russian
- Spanish
Want to get a PDF/Mobi/EPUB of the standard? Check the release page on GitHub.
A checklist based on the MASVS and MSTG is available for use in security assessments; it contains links to the MSTG test case for each requirement. The current release can be found on GitHub in English, French, Spanish and Japanese.
Below you can find a list of upcoming and previous talks:
- Ekoparty Security Conference, September 2020 - (Spanish) OWASP Mobile Project and how to use it for white hat hacking: Recording, Slides
- OWASP Dutch Virtual chapter meetup, May 2020 recording/livestream
- OWASP New Zealand Day, February 2020 - Building Secure Mobile Apps (you don’t have to learn it the hard way!)
- iOS Conf Singapore, January 2020 - Building Secure iOS Apps (you don’t have to learn it the hard way!) Slides, Video
- OWASP AppSec Day Melbourne, October 2019 - Fixing Mobile AppSec Video
- OWASP Global AppSec Amsterdam, September 2019 - Fast Forwarding mobile security with the OWASP Mobile Security Testing Guide
- r2con in Barcelona, September 2019 - radare2 and Frida in the OWASP Mobile Security Testing Guide
- Open Security summit 2019 - Outcomes
- OWASP Kyiv, April 2019 - OWASP MSTG in real life
- AppDevcon (Amsterdam), March 2019 - Securing your mobile app with the OWASP Mobile Security Testing Guide
- OWASP BeNeLux days 2018 - Fast forwarding mobile security with the MSTG, November 2018
- OWASP Germany days 2018 - Introduction to Mobile Security Testing, November 2018
- DBS AppSecCon (Singapore) - Fixing Mobile AppSec, October 2018
- OWASP Bay Area Chapter - Mobile Testing Workshop, October 2018
- OWASP AppSec USA - Fixing Mobile AppSec, October 2018
- CSC 2018 - A Perspective on Mobile Security in IoT and how OWASP can Help
- OWASP North Sweden Umea - Mobile Security Essentials
- OWASP Gothenburg - Mobile Security Essentials Introduction into OMTG and All about the keying material
- OWASP Day Indonesia 2017 - Fixing Mobile AppSec
- Confidence (Krakow, Poland) - Pawel Rzepa - Testing Mobile Applications
- OWASP AppSec EU 2017 - Fixing Mobile AppSec - Slides, Video