Download Latest Version v1.7.0 source code.zip (62.1 MB)
Email in envelope

Get an email when there's a new version of OWASP Mobile Security Testing Guide

Home / v1.6.0
Name Modified Size InfoDownloads / Week
Parent folder
OWASP_MAS_Checklist.xlsx 2023-05-08 2.3 MB
0
OWASP_MASTG.epub 2023-05-08 32.5 MB
0
OWASP_MASTG.pdf 2023-05-08 29.6 MB
0
README.md 2023-05-08 14.8 kB
0
v1.6.0.tar.gz 2023-05-08 72.1 MB
1 1 weekly downloads
v1.6.0.zip 2023-05-08 72.3 MB
0
Totals: 6 Items   208.7 MB 1

Following up on the OWASP MASVS v2.0.0 Release we're excited to announce the release of the new OWASP MASTG version v1.6.0. This update includes a range of new features, including the first phase of the MASTG refactoring, MASVS color-coding, upgraded MAS Checklists (for OWASP MASVS v2.0.0 + MASTG v1.6.0), and much more. See below for a detailed list of changes.

We'd like to thank all of our loyal contributors and welcome our new contributors.

Special thanks to NowSecure for their consistent high-impact contributions to the project, especially for the MASVS refactoring, the OWASP MASTG refactoring, the OWASP MAS website and this MASTG v1.6.0 release and for continuing spreading the word about the OWASP MAS project.

💙 Thanks to dvuln, eShard, OHRUS and devoteam Cyber Trust for their generous donations!


Carlos Holguera, Sven Schleier and Jeroen Beckers - OWASP MAS project


NOTE: the OWASP MASTG v1.6.0 relies on the latest MASVS v2.0.0

Help us improve! questions | ideas | contact


What's Changed

📢 News

Introducing the MASVS v2 Colors

We're bringing official colors to the MASVS! The new colors will be used across the MASVS v2.0.0 and MASTG v2.0.0 to help users quickly identify the different control groups. We've also revamped certain areas of our website to make them more readable and easier to navigate as well as to prepare for what's coming with the MASTSG v2.0.0 (keyword: "atomic tests").

masvs_colors

MASVS

In the MASVS home page, the new colors will be used to highlight the different control groups.

masvs_home

The individual controls will also be color-coded to help users quickly identify the different control groups. We've also redesigned the control pages to make them more readable and easier to navigate.

masvs_control

MASTG

Now, when you navigate to the MASTG tests, you'll see that they are categorized by platform (Android/iOS) as well as by MASVS category, also using our new colors in the sidebar. The colors will also be used to highlight the different control groups in the test description.

Each test now contains a header section indicating the platform, the MASVS v1.5.0 controls, and the MASVS v2.0.0 controls.

mastg_test

We've also introduced a new section called "Resources" which is automatically generated using the inline links within the MASTG pages and serve as a quick reference to the most important resources for each test.

NOTE: The MASTG tests themselves haven't changed yet, we're still working on the refactoring. For now we've simply split the tests into individual pages to make them easier to navigate and reference. This will facilitate the work on the refactoring and the introduction of the new atomic tests.

MAS Checklist

The MAS Checklist pages and the MAS checklist itself have also been updated to use the new colors to highlight the different control groups and to make them easier to navigate.

checklist_home

When you click on a MASVS group you'll see a table listing the new MASVS v2.0.0 controls as well as the corresponding MASTG tests (v1.5.0) for both the Android and the iOS platforms.

checklist_detail

NOTE: The checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles accordingly.


We hope you like the new colors and the changes we've made to the website. We're looking forward to your feedback! Please use our GitHub Discussions to post any questions or ideas you might have. If you see something wrong please let us know by opening a bug issue.

More News

🧪 MASTG Test Cases

📖 MASTG Testing Fundamentals

✨ MASTG Testing Techniques

🪄 MASTG Testing Tools

⚡ Automation

🎉 New Donators

🐞 Errata Corrections

Other Changes

New Contributors

Full Changelog: https://github.com/OWASP/owasp-mastg/compare/v1.5.0...v1.6.0

Source: README.md, updated 2023-05-08