OWASP Mobile Application Security
Our Mission
"Define the industry standard for mobile application security."
The OWASP Mobile Application Security (MAS) flagship project provides a security and privacy standard for mobile apps (OWASP MASVS), a collection of mobile app-specific weaknesses (OWASP MASWE) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.
All the information about OWASP MAS can be found on the official website. There you can also read both the MASVS and the MASTG.
Trusted by …
The OWASP MASVS, MASWE and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions. Learn more.
MAS Advocates
MAS Advocates are industry adopters of the OWASP MASVS, MASWE and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. Learn more.
Main Deliverables
OWASP MASVS
The OWASP Mobile Application Security Verification Standard (MASVS) is the industry standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results.
GitHub Repo
- Read it
- Download the PDF
OWASP MASWE
The OWASP Mobile Application Security Weakness Enumeration (MASWE) is a list of common security and privacy weaknesses in mobile applications. It is intended to be used as a reference for developers, security researchers, and security professionals. It acts as the bridge between the OWASP MASVS and the OWASP MASTG.
GitHub Repo
- Read it
OWASP MASTG
Previously known as OWASP MSTG (Mobile Security Testing Guide)
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile application security testing. It is a fundamental learning resource for both beginners and professionals, covering a variety of topics from mobile OS internals to advanced reverse engineering techniques.
It also provides an exhaustive set of test cases to be used for verifying the controls listed in the OWASP MASVS, including all relevant guidance and detailed information about the technical processes, techniques and tools.
GitHub Repo
- Read it
Mobile Application Security Checklist
The Mobile Application Security Checklist can be used to apply the MASVS controls during security assessments as it conveniently links to the corresponding MASTG test cases.
Its features include:
- Unifies all MASVS categories into a single sheet
- Traceable via exact MASVS and MASTG versions and commit IDs
- Always up to date with the latest MASTG and MASVS versions
- Enables users to add more columns or sheets as needed
Donators
While both the MASVS and the MASTG are created and maintained by the community on a voluntary basis, sometimes a little bit of outside help is required. We therefore thank our donators for providing the funds to support us on our project activities. The Donation Packages are described on the Donation page.
The OWASP Foundation is very grateful for the support of the individuals and organizations listed. However, please note that the OWASP Foundation is strictly vendor neutral and does not endorse any of its supporters. Donations do not influence the content of the MASVS or MASTG in any way.
Presentations
You can find a list of our talks on our Talks page on GitHub.