Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/20/OWASP%20AppSec%20US%202023%20-%20Refactoring%20Mobile%20App%20Security.pdf
In this talk we will present the new iteration of the OWASP MASTG v2, including brand new MAS profiles (previously known as “levels”), news about automation and “compliance as code”, and a walkthrough of some of the new “atomic tests”.
Since 2016, when the OWASP MASVS and MASTG became part of the OWASP universe, hundreds of people have contributed to them, making them the de facto “industry standard for mobile app security”. Acknowledging the changes in the industry, the first major refactoring of MASVS was done between 2021 and early 2023 to bring it to v2 and address the limitations identified during real-world pentest engagements. To complement this, we have started refactoring the MASTG test cases to align them with the new controls and to make them more automation-friendly.
Want to secure your mobile apps? See you there!
Carlos Holguera
NowSecure
Mobile Security Research Engineer
Carlos is a mobile security research engineer and one of the two leaders of the OWASP Mobile App Security (MAS) project. He has gained many years of hands-on experience in the field of security testing for mobile apps and embedded systems such as automotive control units and IoT devices. He is passionate about reverse engineering and dynamic instrumentation of mobile apps and is continuously learning and sharing his knowledge.
Sven Schleier
Crayon
Principal Security Consultant
Sven lives in Austria and is a Principal Security Consultant at Crayon, specialised in Cloud Security. He has extensive experience in offensive security engagements such as Penetration Testing and Application Security, supporting and guiding software development projects for Mobile and Web Applications throughout the whole SDLC to build security in from the start. Besides his day job, Sven is one of the core project leaders and authors of the OWASP Mobile Application Security Testing Guide (MASTG) and OWASP Mobile Application Security Verification Standard (MASVS) and has created the OWASP Mobile Hacking Playground. Sven gives talks and workshops about Mobile Security worldwide to different audiences, ranging from developers to students and penetration testers.
Managed by the OWASP® Foundation
https://owasp.org/