Skip to content

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security. It is meant to be used by mobile software architects and developers seeking to develop secure mobile applications and as a basis for mobile app security testing methodologies. The MASVS lists requirements for both security controls and software p…

License

Notifications You must be signed in to change notification settings

ndoell/owasp-masvs

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OWASP Mobile Application Security Verification Standard Twitter Follow Open in Visual Studio Code

Creative Commons License OWASP Flagship Document Build Check Markdown Markup Check Markdown Links

This is the official Github Repository of the OWASP Mobile Application Security Verification Standard (MASVS). The MASVS establishes baseline security requirements for mobile apps that are useful in many scenarios, including:

  • In the SDLC - to establish security requirements to be followed by solution architects and developers;
  • In mobile app penetration tests - to ensure completeness and consistency in mobile app penetration tests;
  • In procurement - as a measuring stick for mobile app security, e.g. in form of questionnaire for vendors;
  • Et cetera.

The MASVS is a sister project of the OWASP Mobile Security Testing Guide.

Getting the MASVS

The latest version of the MASVS is available as PDF, epub and docx and can be downloaded from the releases page. The documents were created by using pandocker.

Want to have the latest snapshot version? Check the latest Github build action. The MASVS is also available in different languages:

Gitbook

Read the English version on Gitbook. The book is automatically synchronized with the main repo.

Create new PDF, EPUB and Word document

These steps were tested on macOS, Kali and Ubuntu 18

You can find the documents on the release page. If you want to generate the documents yourself, execute the following steps:

  • The document creation uses a Docker container, so make sure that you have Docker installed.

  • If using macOS, install gnu-sed via brew.

$ brew install gnu-sed
  • Clone the MASVS repository:
$ git clone https://github.com/OWASP/owasp-masvs/
$ cd owasp-masvs/
  • Run the document generation script for the chosen language with latin-fonts:
$ ./tools/docker/pandoc_makedocs.sh Document-de LATEST
  • "Document-de" specifies the folder of the language that is used to generate the documents. Simply replace it with the language you want to use.

  • "LATEST" is the string that will be printed on the cover.

  • For languages that require non-latin fonts (Chinese, Farsi, Hindi, Japanese, Korean, Russian etc.) the stable-full version of Pandocker is required. You can activate it with the TAG environment variable, like this:

$ TAG=stable-full ./tools/docker/pandoc_makedocs.sh Document-hi LATEST

This produces PDF, EPUB and DOCX files in the root of the project.

Exporting to JSON, XML and CSV

The repository contains a Python tool for converting the requirements into various formats. Clone the repo and run export.py from the tools folder.

export.py [-h] [--format {json,xml,csv}] [--lang {es/ru/en/fr/de/zhtw/ja}]

Suggestions and Feedback

To report and error or suggest an improvement, please create an issue or create a Pull Request.

How to Contribute

The MASVS is an open source effort and we welcome contributions and feedback. If you want to contribute additional content, or improve existing content, we suggest that you first contact us on the OWASP MSTG Slack channel:

https://owasp.slack.com/messages/project-mobile_omtg/details/

You can sign up here:

https://owasp.slack.com/join/shared_invite/zt-g398htpy-AZ40HOM1WUOZguJKbblqkw#/

Before you start contributing, please check our contribution guide which should get you started.

Read Individual Sections of the MASVS Here

About

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security. It is meant to be used by mobile software architects and developers seeking to develop secure mobile applications and as a basis for mobile app security testing methodologies. The MASVS lists requirements for both security controls and software p…

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • TeX 68.6%
  • Shell 16.6%
  • Python 14.3%
  • sed 0.5%