
“Mobile Wanderlust”! Our journey to Version 2.0!

2022-11-18

Authors: Sven Schleier


Abstract

There are numerous ways of developing mobile apps today, but how do you ensure that security is part of the development process? What are the attacks you should be concerned about, and what can you do to avoid being an easy target? If you don't want to miss anything, leveraging a standard is essential. The Mobile AppSec Verification Standard (MASVS) offers exactly that. It works together with the agile-written Mobile Security Testing Guide (MSTG) to help you understand the attack surface of mobile apps, how they are exploited and how to protect them. Both resources are crafted and curated by a team of numerous experts and community contributors. In this talk we will take a deep dive into the upcoming changes to both projects and the transition to version 2.0. We are sharing the current status of the refactoring of the OWASP MASVS and the MSTG, and what we were able to automate to get rid of manual processes and have more time to focus on the content! Want to secure your mobile apps? See you there!

Detailed Outline

- Introduction to the OWASP MASVS and MSTG
- Reasoning for the refactoring of the MASVS and the restructuring of the test cases in the MSTG
- Status of the refactoring and restructuring of the MASVS and MSTG
- Explaining OSCAL as a way to create profiles that can be utilised in the MASVS
- Automation initiatives through GitHub Actions; all done in minutes without manual intervention (hands-free)
- Releases of the OWASP MASVS in over a dozen languages and various file formats
- Releases of the OWASP MSTG in various file formats
- Releases of the Checklists in all MASVS languages, generated from both the MASVS and MSTG
- Involvement of the community through GitHub Discussions, encouraging feedback and being transparent about our changes before releasing version 2.0

Materials: