title | layout | tags | contributors | document | order | permalink |
---|---|---|---|---|---|---|
Mobile Application Checklist | col-document | OWASP Developer Guide | Jon Gadsden | OWASP Developer Guide | 640 | /draft/design/mas_checklist/ |
The OWASP Mobile Application Security (MAS) flagship project has the mission statement: "Define the industry standard for mobile application security".
The MAS project covers the processes, techniques, and tools used for security testing a mobile application, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. The OWASP MAS project provides the Mobile Application Security Verification Standard (MASVS) for mobile applications and a comprehensive Mobile Application Security Testing Guide (MASTG).
The Mobile Application Security Checklist contains links to the MASTG test cases for each MASVS control.
The MAS Checklist keeps track of the MASTG test cases for each MASVS control, and it is split into categories that match the MASVS categories:
- MASVS-STORAGE: sensitive data storage
- MASVS-CRYPTO: cryptography best practices
- MASVS-AUTH: authentication and authorization mechanisms
- MASVS-NETWORK: network communications
- MASVS-PLATFORM: interactions with the mobile platform
- MASVS-CODE: platform and data entry points along with third-party software
- MASVS-RESILIENCE: integrity and running on a trusted platform
In addition to the web links there is a downloadable spreadsheet.
If the MASTG is being applied to a mobile application then the MAS Checklist is a handy reference that can also be used for compliance purposes.
The online version is useful to list the MASVS controls and which MASTG tests apply. Follow the links to access the individual controls and tests.
The spreadsheet download allows the status of each test to be recorded, with a separate sheet for each MASVS category. This record of test results can be used as evidence for compliance purposes.
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.