Skip to content
The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
Shell Python
Branch: master
Clone or download
Latest commit c6d3cf9 Dec 23, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Document-de Fixed linter errors Dec 21, 2019
Document-es fixed final md issue Dec 22, 2019
Document-fr fixed script for korean and fixed spanish and french tables Dec 21, 2019
Document-ja added Abderrahmane Aftahi and Eugen Martynov to contributors Dec 21, 2019
Document-ko added Abderrahmane Aftahi and Eugen Martynov to contributors Dec 21, 2019
Document-ru added Abderrahmane Aftahi and Eugen Martynov to contributors Dec 21, 2019
Document-zhtw Fixed linter errors Dec 21, 2019
Document added Abderrahmane Aftahi and Eugen Martynov to contributors Dec 21, 2019
tools updated instructions Dec 23, 2019
.gitbook.yaml changes for gitbook May 17, 2019
.gitignore #223: use Generated only Jun 4, 2019
.markdownlinkcheck.json #211: first step in adding better doc generation support May 31, 2019
.markdownlint.json Lint JA Jun 3, 2019
.travis.yml Updated travis.yml to support korean Dec 21, 2019
CHANGELOG.md Updated releasenotes Oct 5, 2019
CODE_OF_CONDUCT.md Updated scripts for release of new languages and version 1.2 Dec 21, 2019
CONTRIBUTING.md fixed feedback from @TheDauntless Jul 23, 2019
LANGS.md added other changes for generating langauges Dec 21, 2019
License.md Much more linting Jun 3, 2019
PULL_REQUEST_TEMPLATE.md #218: fixed feedback @Dauntless Jun 3, 2019
README.md Merge pull request #353 from OWASP/prerelease-1.2 Dec 23, 2019
book.json final script fixes and debug statements Dec 22, 2019

README.md

OWASP Mobile Application Security Verification Standard Twitter Follow

Creative Commons License OWASP Flagship Build Status

This is the official Github Repository of the OWASP Mobile Application Security Verification Standard (MASVS). The MASVS establishes baseline security requirements for mobile apps that are useful in many scenarios, including:

  • In the SDLC - to establish security requirements to be followed by solution architects and developers;
  • In mobile app penetration tests - to ensure completeness and consistency in mobile app penetration tests;
  • In procurement - as a measuring stick for mobile app security, e.g. in form of questionnaire for vendors;
  • Et cetera.

The MASVS is a sister project of the OWASP Mobile Security Testing Guide.

Getting the MASVS

PDF/Mobi/Epub/Docx downloads are available on the Releases page. The current release of the MASVS is version 1.1.4. The MASVS is also available in different languages:

Gitbook

Read it on Gitbook. The book is automatically synchronized with the main repo.

Create new PDF, Epub or Mobi

You can find the documents in the release page. If you want to generate the documents yourself, execute the following steps. Clone the repository and run the gitbook generator. This produces PDF, Epub and Mobi files in the "Generated" subdirectory.

$ git clone https://github.com/OWASP/owasp-masvs/
$ cd owasp-masvs/tools/
$ ./gitbookepubandpdf.sh LATEST

Create Word documents

Clone the repository and run the document generator (requires pandoc). This produces docx and HTML files in the "Generated" subdirectory.

$ git clone https://github.com/OWASP/owasp-masvs/
$ cd owasp-mstg/tools/
$ ./generate_document.sh

Exporting to JSON, XML and CSV

The repository contains a Python tool for converting the requirements into various formats. Clone the repo and run export.py from the tools folder.

export.py [-h] [--format {json,xml,csv}] [--lang {es/ru/en/fr/de/zhtw/ja}]

Suggestions and Feedback

To report and error or suggest an improvement, please create an issue or create a Pull Request.

How to Contribute

The MASVS is an open source effort and we welcome contributions and feedback. If you want to contribute additional content, or improve existing content, we suggest that you first contact us on the OWASP MSTG Slack channel:

https://owasp.slack.com/messages/project-mobile_omtg/details/

You can sign up here:

https://owasp.slack.com/

Before you start contributing, please check our contribution guide which should get you started.

Read Individual Sections of the MASVS Here

You can’t perform that action at this time.