Saturday, July 4, 2020

The Mobile Application Security Verification Standard (MASVS)

MASVS is part of the OWASP Mobile application security guide and can be used as a guideline and set of best practices during mobile application development as well as security testing. MASVS itself provides two security verification levels (MASVS-L1 and MASVS-L2), as well as a set of reverse engineering resiliency requirements (MASVS-R). Combining these, we can achieve a total of four verification levels.
  • MASVS-L1: Security requirements that are recommended for all mobile applications.
  • MASVS-L2: Security requirements for applications that contain sensitive data requiring protection.
  • MASVS-R: Security requirements for applications that need resiliency against reverse engineering and tampering, such as apps that handle highly sensitive data; these requirements may also serve as a means of protecting intellectual property or tamper-proofing an app.
Therefore, a mobile application can have one of four verification levels, as follows:
  1. MASVS-L1
  2. MASVS-L1+R
  3. MASVS-L2
  4. MASVS-L2+R
You can read more about OWASP MASVS in the official publications.