OWASP Mobile Application Security Testing Guide (MASTG)
This is the official GitHub Repository of the OWASP Mobile Application Security Testing Guide (MASTG). The MASTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). ⬇️ Download the latest PDF ✅ Get the latest Mobile App Security Checklists ⚡ Contribute! 💥 Play with our Crackmes Trusted by ... The OWASP MASVS and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions. Learn more. 🥇 MAS Advocates MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. Learn more. Connect with Us GitHub Discussions #project-mobile-app-security (Get Invitation) @OWASP_MAS (Official Account) @bsd_daemon (Sven Schleier, Project Lead) @grepharder (Carlos Holguera, Project Lead) Other Formats Get the printed version via lulu.com Get the e-book
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Detect and warn about potential malicious behaviors in Android applications through static analysis.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
MiniCPS is a framework for real-time Cyber-Physical Systems simulation that supports physical process and control device simulation along with network emulation capabilities.
Runtime Mobile Security (RMS) is a powerful web interface powered by FRIDA for manipulating Android and iOS Apps at Runtime.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
A data-mining and deep web asset search engine for breach analysis and prevention services.
Steghide is a steganography program for hiding data in image and audio files.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
FSquaDRA is a tool for detection of repackaged Android applications based on Jaccard similarity computation over digests of files.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.