This is the official Github Repository of the OWASP Mobile Application Security Verification Standard (MASVS). It started as a fork of ethicalhack3r's Markdown version of the OWASP ASVS 3.0. The MASVS can be used to establish a level of confidence in the security of mobile apps. The MASVS is intended to be used in the following ways:
- Use as a metric - To provide application developers and application owners with a framework which allows them to measure the security of, and thus the degree of trust that can be placed in, their mobile applications.
- Use as guidance - To provide guidance on the security controls that must be implemented in order to satisfy application security requirements.
- Use during procurement - To provide a baseline for mobile app security verification requirements.
To report an error or suggest an improvement, please create an issue.
The MASVS is an open source effort and we welcome contributions and feedback. If you want to contribute additional content, or improve existing content, we suggest that you first contact us on the OWASP MSTG Slack channel:
https://owasp.slack.com/messages/project-mobile_omtg/details/
To add or edit content, simply fork the repository and make your changes, then create a pull request when you are finished. We'll review the changes before we merge them into the master branch of the main repo. In case of conflicting opinions, we'll create an issue for discussing the changes.
- Header
- Acknowledgements
- Preface
- Using the Mobile Application Security Verification Standard
- Assessment and Verification
- Detailed Verification Requirements
  - V1: Architecture, Design and Threat Modelling Requirements
  - V2: Data Storage and Privacy Requirements
  - V3: Cryptography Verification Requirements
  - [V4: Authentication and Session Management Requirements](Document/0x09-V4-Authentication_and_Session_Management Requirements.md)
  - V5: Network Communication Requirements
  - V6: Environmental Interaction Requirements
  - V7: Code Quality and Build Setting Requirements
  - [V8: Resiliency Against Reverse Engineering Requirements](Document/0x14-V8-Resiliency_Against_Reverse_Engineering Requirements.md)
- Appendix A: Glossary
- Appendix B: References
- Appendix C: Standards Mappings