Owasp Masvs
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Cheatsheetseries | 23,307 | a day ago | 25 | other | Python | |||||
| The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. | ||||||||||
| Mobile Security Framework Mobsf | 13,703 | 3 days ago | 9 | January 23, 2022 | 16 | gpl-3.0 | JavaScript | |||
| Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. | ||||||||||
| Zaproxy | 10,664 | 3 | 4 | 14 hours ago | 8 | December 11, 2021 | 741 | apache-2.0 | Java | |
| The OWASP ZAP core project | ||||||||||
| Juice Shop | 7,899 | 12 hours ago | 1 | January 15, 2019 | 6 | mit | TypeScript | |||
| OWASP Juice Shop: Probably the most modern and sophisticated insecure web application | ||||||||||
| Awesome Appsec | 5,418 | 2 months ago | 24 | mit | PHP | |||||
| A curated list of resources for learning about application security | ||||||||||
| Wstg | 5,400 | 13 days ago | 53 | cc-by-sa-4.0 | Dockerfile | |||||
| The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services. | ||||||||||
| Dependencycheck | 4,960 | 31 | 8 | 10 hours ago | 106 | September 14, 2022 | 365 | apache-2.0 | Java | |
| OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. | ||||||||||
| Whatweb | 4,416 | 6 months ago | 40 | gpl-2.0 | Ruby | |||||
| Next generation web scanner | ||||||||||
| Awesome Web Hacking | 4,260 | 6 months ago | 1 | mit | ||||||
| A list of web application security | ||||||||||
| Retire.js | 3,225 |  | 2,122 | 148 | 17 days ago | 102 | September 14, 2022 | 18 | other | JavaScript |
| scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds. | ||||||||||
OWASP Mobile Application Security Verification Standard (MASVS)
NEW❗ The MASVS 2.0.0 is already available as a spreadsheet. We're currently working on updating this page and the related documents. Learn more about the refactoring process here.
This is the official Github Repository of the OWASP Mobile Application Security Verification Standard (MASVS). The MASVS establishes baseline security requirements for mobile apps that are useful in many scenarios. You can use it:
- As a metric - To provide a security standard against which existing mobile apps can be compared by developers and application owners.
- As guidance - To provide guidance during all phases of mobile app development and testing.
- During procurement - To provide a baseline for mobile app security verification.
The MASVS is a sister project of the OWASP Mobile Application Security Testing Guide.
- ⬇️ Download the latest PDF
- ✅ Get the latest Mobile App Security Checklists
- ⚡ Contribute!
- 💥 Play with our Crackmes
Trusted by ...
The OWASP MASVS and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions. Learn more.
🥇 MAS Advocates
MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. Learn more.
Connect with Us
GitHub Discussions-
#project-mobile_omtg (Get Invitation) -
@OWASP_MAS (Official Account) -
@bsd_daemon (Sven Schleier, Project Lead) @grepharder (Carlos Holguera, Project Lead)
How to Contribute
The MASVS is an open source effort and we welcome all kinds of contributions and feedback.
Help us improve & join our community:
Contribute with content:
- 💡 Propose ideas or suggest improvements (if it qualifies we'll promote it to an Issue)
- 📄 Create a Pull Request for concrete fixes (e.g. grammar/typos) or content already approved by the core team.
Before you start contributing, please check our contribution guide which should get you started. If you have any doubts please contact us.
MASVS Translations
The MASVS is available in different languages:
- Chinese (Simplified) - ZHCN
- Chinese (Traditional) - ZHTW
- English
- French
- German
- Hindi
- Japanese
- Korean
- Persian
- Portuguese (Brazil)
- Portuguese (Portugal)
- Russian
- Spanish
- Turkish
- Greek
Other Formats
See the latest release. Else you can export it yourself in other formats.
Table-of-Contents
- Foreword
- Frontispiece
- The Mobile Application Security Verification Standard
- Assessment and Verification
- V1: Architecture, Design and Threat Modeling Requirements
- V2: Data Storage and Privacy Requirements
- V3: Cryptography Requirements
- V4: Authentication and Session Management Requirements
- V5: Network Communication Requirements
- V6: Environmental Interaction Requirements
- V7: Code Quality and Build Setting Requirements
- V8: Resiliency Against Reverse Engineering Requirements
- Appendix A: Glossary
- Appendix B: References
- Release notes
