Mobile AppSec Verification Standard (MASVS)

Track:OWASP MSTG
When:Mon PM-1,PM-2,PM-3
Where:Maulden
OrganizersJeroen Beckers Jeroen Beckers
ParticipantsSven Schleier Sven Schleier , Jeroen Willemsen Jeroen Willemsen , Carlos Holguera Carlos Holguera , Gaetano Alboreto Gaetano Alboreto , Paulino Calderon Paulino Calderon , Sean Turner Sean Turner , Sebastian Arriada Sebastian Arriada

Welcome to the OWASP MASVS session!

Why

The MASVS has served as a great basis for the MSTG in terms of providing the right requirements. It has been translated to multiple languages and has been embraced by many parties as a source for security requirements for mobile applications. In order to support the MASVS and allow for easier integration in the SDLC, we have a set of tasks left, which are summarized in milestone 1.1.4 of the project. Note: we do not want to come up with new requirements yet as we rather first try to get the MSTG in sync.

What

In this working session, we want to focus on issues identified in the 1.1.4 milestone of the MASVS. Which you can find at Github. Think of a variety of issues, such as:

If you are keen in doing some coding, you can help out with the following:

The tickets for this working session will cover these topics and contribute to increasing the value, readability and extensability of the MASVS. Which in turn will make it easier to extend it across all languages.

Who

The target audience for this Working Session is:

  • anyone who wants to help out improving the quality of an OWASP project and
  • anybody interest in mobile security.

From experts to beginners. Anybody who is passionate about app mobile security and loves to continuously learn and enjoys sharing knowledge.

What do you need to bring with you?

Minimum required: a laptop :)

The MASVS is hosted in GitHub and can easily be edited by anyone, just a Github account is needed and knowledge on how to create a pull request.

Outcomes

Hopefully a better (en)coded MASVS! And milestone 1.1.4!

References

Register as participant

To register as participant add Mobile AppSec Verification Standard (MASVS) to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions