This is the official GitHub Repository of the OWASP Mobile Application Security Testing Guide (MASTG). The MASTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). ⬇️ Download the latest PDF ✅ Get the latest Mobile App Security Checklists ⚡ Contribute! 💥 Play with our Crackmes Trusted by ... The OWASP MASVS and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions. Learn more. 🥇 MAS Advocates MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. Learn more. Connect with Us GitHub Discussions #project-mobile-app-security (Get Invitation) @OWASP_MAS (Official Account) @bsd_daemon (Sven Schleier, Project Lead) @grepharder (Carlos Holguera, Project Lead) Other Formats Get the printed version via lulu.com Get the e-book
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A tool for quantitative risk analysis of Android applications using machine learning techniques.
Tools and documentation for validating hardware security requirements on x86 platforms, including bootable USB key creation and platform configuration verification.
Industrial control system automation and testing tool for SCADA security testing.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
Extract local data storage of an Android application in one click.
Android vulnerability analysis system with efficient scanning and high accuracy.
A tool for analyzing Android applications in local storage with various functionalities.
An open-source project for dynamic analysis of Android applications using the Android Substrate framework.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.