Authors: Sven Schleier
2023-02-16

There are numerous ways of developing mobile apps today, but how do you ensure that your app is properly secured? What are the threats you should be concerned about and what can you do to avoid being an easy target? If you don't want to miss anything, leveraging a standard is essential. Google understands this very well and since April 2022 acknowledges developers who had their apps independently validated against the OWASP MASVS. In this talk we'll introduce you to the OWASP MASVS (Mobile Application Security Verification Standard), which works together with the OWASP MASTG (Mobile App Security Testing Guide) to help you understand the attack surface of mobile apps, how to exploit them and how to protect them, as well as the transition to version 2.0. Both resources are crafted and curated by a team of numerous experts and community contributors. Want to secure your mobile apps? See you there!

Authors: Josh Grossman
2022-11-18

2022 will be remembered as a milestone in the progression of the OWASP Application Security Verification Standard (ASVS) as well as the Mobile version (MASVS). Not only are two major releases in the pipeline for the end of the year (5.0 and 2.0 respectively) but this is also the year that industry stands up, takes notice and starts expecting more from applications, based on these standards.

In this talk, the ASVS project leadership will take you through these key developments, including what you should expect from the upcoming version 5.0 of the ASVS and how you can be involved in their final release. This will also be a chance to hear first-hand about a new programme where you will see the SVSs being more widely used and required, and how you can prepare your organizations for the significant impact this will have, whether you are developing applications or you are assessing them.

Authors: Sven Schleier
2022-11-18

There are numerous ways of developing mobile apps today, but how do you ensure that security is part of the development process? What are the attacks you should be concerned about and what can you do to avoid being an easy target? If you don't want to miss anything, leveraging a standard is essential. The Mobile AppSec Verification Standard (MASVS) offers exactly that. It works together with the agile written Mobile Security Testing Guide (MSTG) to help you understand the attack surface of mobile apps, how to exploit them and how to protect them. Both resources are crafted and curated by a team of numerous experts and community contributors. In this talk we will take a deep dive into the upcoming changes of both projects and the transition to version 2.0. We are sharing the current status of the refactoring of the OWASP MASVS and the MSTG and what we were able to automate to get rid of manual processes and have more time to focus on the content! Want to secure your mobile apps? See you there!

Detailed Outline

- Introduction to the OWASP MASVS and MSTG
- Reasoning for refactoring of the MASVS and re-structuring of the test cases in the MSTG
- Status of refactoring and restructuring for MASVS and MSTG
- Explaining OSCAL as a way to create profiles that can be utilised in the MASVS
- Automation initiatives through GitHub Actions; all done in minutes without manual intervention (hands-free)
- Releases of the OWASP MASVS in over a dozen languages and various file formats
- Releases of the OWASP MSTG in various file formats
- Releases of the Checklists in all MASVS languages generated from both the MASVS and MSTG
- Involvement of the community through GitHub discussions, encouraging feedback and being transparent in our changes before releasing version 2.0