OWASP Developer Guide

Mobile Application Checklist


4.3 Mobile application checklist

The OWASP Mobile Application Security (MAS) flagship project has the mission statement: “Define the industry standard for mobile application security”.

The OWASP MAS project provides the Mobile Application Security Verification Standard (MASVS) for mobile applications and a comprehensive Mobile Application Security Testing Guide (MASTG).

The Mobile Application Security Checklist contains links to the MASTG test cases for each MASVS control.

What is the MAS Checklist?

The MAS Checklist keeps track of the MASTG test cases for a given MASVS control. It is split into categories that match the MASVS categories.

In addition to the web links there is a downloadable spreadsheet.

Why use it?

The OWASP MASVS is the industry standard for mobile application security. If the MASTG is being applied to a mobile application then the MAS Checklist is a handy reference that can also be used for compliance purposes.

How to use it

The online version is useful to list the MASVS controls and which MASTG tests apply. Follow the links to access the individual controls and tests.

The spreadsheet download allows the status of each test to be recorded, with a separate sheet for each MASVS category. This record of test results can be used as evidence for compliance purposes.


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.
