The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
Python Shell
Clone or download
Pull request Compare This branch is 654 commits ahead of ethicalhack3r:master.
Latest commit e44ba0d Jul 16, 2018

README.md

OWASP Mobile Application Security Verification Standard

This is the official Github Repository of the OWASP Mobile Application Security Verification Standard (MASVS). The MASVS establishes baseline security requirements for mobile apps that are useful in many scenarios, including:

  • In the SDLC - to establish security requirements to be followed by solution architects and developers;
  • In mobile app penetration tests - to ensure completeness and consistency in mobile app penetration tests;
  • In procurement - as a measuring stick for mobile app security, e.g. in form of questionnaire for vendors;
  • Et cetera.

Thee MASVS is a sister project of the OWASP Mobile Security Testing Guide.

Getting the MASVS

PDF downloads are available on the Releases page. The current release is MASVS version 1.1. The MASVS is also available in Spanish.

Gitbook

Read it on Gitbook. The book is automatically synchronized with the main repo.

Creating ePub

You can use the gitbook command line tool to generate PDF, epub, and other e-book formats, once you have checked out this repo. To generate the epub version you can use the following command

$ gitbook epub ./ MASVS.epub

Creating a Word Doc

Run generate_document.sh from the repository root directory. This will create a word document in the same directory. Requires pandoc.

Exporting to JSON, XML and CSV

The repository contains a Python tool for converting the requirements into various formats. Clone the repo and run export.py from the repository root.

export.py [-h] [--format {json,xml,csv}]

Suggestions and Feedback

To report and error or suggest an improvement, please create an issue.

How to Contribute

The MASVS is an open source effort and we welcome contributions and feedback. If you want to contribute additional content, or improve existing content, we suggest that you first contact us on the OWASP MSTG Slack channel:

https://owasp.slack.com/messages/project-mobile_omtg/details/

You can sign up here:

http://owasp.herokuapp.com/

To add or edit content, simply fork the repository and make your changes, then create a pull request when you are finished. We'll review the changes before we merge them with the master branch in the main repo. In case there's conflicting opinions, we'll create an issue for discussing the changes.

Read Individual Sections of the MASVS Here