OWASP Mobile Application Security Verification Standard 
This is the official Github Repository of the OWASP Mobile Application Security Verification Standard (MASVS). The MASVS establishes baseline security requirements for mobile apps that are useful in many scenarios, including:
- In the SDLC - to establish security requirements to be followed by solution architects and developers;
- In mobile app penetration tests - to ensure completeness and consistency in mobile app penetration tests;
- In procurement - as a measuring stick for mobile app security, e.g. in form of questionnaire for vendors;
- Et cetera.
The MASVS is a sister project of the OWASP Mobile Security Testing Guide.
Getting the MASVS
PDF/Mobi/Epub/Docx downloads are available on the Releases page. The current release of the MASVS is version 1.1.4. The MASVS is also available in different languages:
- Chinese (Simplified) - ZHCN
- Chinese (Traditional) - ZHTW
- English
- French
- German
- Japanese
- Korean
- Russian
- Spanish
Gitbook
Read it on Gitbook. The book is automatically synchronized with the main repo.
Create new PDF, Epub or Mobi
You can find the documents in the release page. If you want to generate the documents yourself, execute the following steps. Clone the repository and run the gitbook generator. This produces PDF, Epub and Mobi files in the "Generated" subdirectory.
$ git clone https://github.com/OWASP/owasp-masvs/
$ cd owasp-masvs/tools/
$ ./gitbookepubandpdf.sh LATEST
Create Word documents
Clone the repository and run the document generator (requires pandoc). This produces docx and HTML files in the "Generated" subdirectory.
$ git clone https://github.com/OWASP/owasp-masvs/
$ cd owasp-mstg/tools/
$ ./generate_document.sh
Exporting to JSON, XML and CSV
The repository contains a Python tool for converting the requirements into various formats. Clone the repo and run export.py from the tools folder.
export.py [-h] [--format {json,xml,csv}] [--lang {es/ru/en/fr/de/zhtw/ja}]
Suggestions and Feedback
To report and error or suggest an improvement, please create an issue or create a Pull Request.
How to Contribute
The MASVS is an open source effort and we welcome contributions and feedback. If you want to contribute additional content, or improve existing content, we suggest that you first contact us on the OWASP MSTG Slack channel:
https://owasp.slack.com/messages/project-mobile_omtg/details/
You can sign up here:
Before you start contributing, please check our contribution guide which should get you started.
Read Individual Sections of the MASVS Here
- Header
- Foreword
- Frontispiece
- The Mobile Application Security Verification Standard
- Assessment and Verification
- V1: Architecture, Design and Threat Modeling Requirements
- V2: Data Storage and Privacy Requirements
- V3: Cryptography Requirements
- V4: Authentication and Session Management Requirements
- V5: Network Communication Requirements
- V6: Environmental Interaction Requirements
- V7: Code Quality and Build Setting Requirements
- V8: Resiliency Against Reverse Engineering Requirements
- Appendix A: Glossary
- Appendix B: References
