OWASP MASVS
What is OWASP MASVS?
The OWASP Mobile Application Security Verification Standard, a baseline of testable security requirements for iOS and Android mobile applications.
The OWASP Mobile Application Security Verification Standard (MASVS) is the mobile counterpart of ASVS. It defines security and privacy requirements for native and hybrid mobile apps grouped into controls covering storage, cryptography, authentication and session management, network communication, platform interaction, code quality, resilience against reverse engineering, and privacy. The current MASVS v2 model uses profiles (MASVS-L1 baseline, MASVS-L2 defense in depth, MASVS-R for apps requiring resilience). It is paired with the Mobile Application Security Testing Guide (MASTG) and Mobile Application Security Checklists (MAS Checklist) for concrete test procedures, and is referenced by app store reviews, banking and health regulators, and bug-bounty programs.
● Examples
- 01. A banking app team aligning their development backlog with MASVS-L2 to satisfy a national regulator.
- 02. A mobile pentest scoped against MASTG and reported using MASVS v2 control IDs.
● Frequently asked questions
What is OWASP MASVS?
The OWASP Mobile Application Security Verification Standard, a baseline of testable security requirements for iOS and Android mobile applications. It belongs to the Compliance & Frameworks category of cybersecurity.
How do you apply OWASP MASVS?
Teams apply MASVS by selecting the profile that matches the app's risk (MASVS-L1 baseline, MASVS-L2 defense in depth, MASVS-R where resilience against reverse engineering is required), mapping each control to development and testing tasks, and verifying the controls with the MASTG test procedures and MAS Checklist, as described in the definition above.
What are other names for OWASP MASVS?
Common alternative names include: Mobile Application Security Verification Standard, MASVS.
● Related terms
- OWASP ASVS (compliance)
  The OWASP Application Security Verification Standard, a catalogue of testable security requirements for designing, building, and verifying web applications and APIs.
- OWASP Mobile Top 10 (compliance)
  An OWASP awareness document that ranks the most critical security risks for mobile applications running on iOS, Android, and similar platforms.
- OWASP WSTG (compliance)
  The OWASP Web Security Testing Guide, a comprehensive open-source manual that describes how to test web applications for the most common security weaknesses.
- Secure Coding (appsec)
  The practice of writing source code in ways that minimize security defects, following defensive patterns, language-specific rules and recognized guidelines.
- Compliance (compliance)
  The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.