This is the official GitHub Repository of the OWASP Mobile Application Security Testing Guide (MASTG). The MASTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). ⬇️ Download the latest PDF ✅ Get the latest Mobile App Security Checklists ⚡ Contribute! 💥 Play with our Crackmes Trusted by ... The OWASP MASVS and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions. Learn more. 🥇 MAS Advocates MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. Learn more. Connect with Us GitHub Discussions #project-mobile-app-security (Get Invitation) @OWASP_MAS (Official Account) @bsd_daemon (Sven Schleier, Project Lead) @grepharder (Carlos Holguera, Project Lead) Other Formats Get the printed version via lulu.com Get the e-book
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
Extract local data storage of an Android application in one click.
Hashcat is a fast and advanced password recovery utility that supports various attack modes and hashing algorithms, and is open-source and community-driven.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.