MASVS-AUTH Refactoring (till 24.07.22) #649
Replies: 1 comment 1 reply
-
I'm really excited about these changes. I think it greatly simplifies and distills the AUTH requirements. These issues can directly translate into pass/fail findings for mobile apps, which I think is what this standard should focus on. I'm also very glad to see the local authentication requirement. Regarding Local Authentication - many popular applications today such as Facebook, Snapchat, and Gmail don't implement a local authentication requirement. Under this new standard, these apps would be considered to be failing an L1 MASVS security requirement, right? I'm not implying that there's something right or wrong about that, just wanted to make sure I'm understanding the situation correctly. |
Beta Was this translation helpful? Give feedback.
-
Hello everybody,
as part of the refactoring process we decided to publish our draft of every section of the MASVS that we (@cpholguera, @TheDauntless and @sushi2k) worked on.
This is based on the MASVS category "V4: Authentication and Session Management Requirements" (from the MASVS Version 1.4.2): https://github.com/OWASP/owasp-masvs/blob/v1.4.2/Document/0x09-V4-Authentication_and_Session_Management_Requirements.md
Here you can find a summary of the proposed new requirements (more details below):
In the following link we include a nice visualization as a diff spreadsheet including:
MASVS-AUTH Refactoring Diff
Beta Was this translation helpful? Give feedback.
All reactions