OWASP Mobile Application Security Verification Standard (MASVS)

Helping organisations design, develop, maintain, and test secure mobile applications

What is OWASP MASVS?

The OWASP Mobile Application Security Verification Standard (MASVS) is a community-driven effort to establish a framework for security requirements throughout the mobile application development lifecycle and beyond.

OWASP MASVS has three main goals:

  • To provide a security standard against which existing mobile apps can be compared
  • To provide guidance during all phases of mobile app development and testing
  • To provide a baseline for mobile app security verification

At Pentest, our testing services are designed to help you work towards the OWASP MASVS and are based on the exact requirements of your organisation, as well as the mobile application under consideration.

OWASP MASVS levels

The MASVS outlines two levels of security verification (MASVS L1 & MASVS L2), as well as a set of resiliency requirements (MASVS R). Security verification levels can be used in isolation or in combination with the resilience requirements; it all depends on the application under review and the desired grade of security.

Our testing is designed to help you work towards OWASP MASVS, whatever level you wish to obtain. 

MASVS L1 - Standard Security

This is the minimum level of security all mobile applications should look to achieve. To reach L1, a mobile application must fulfil basic requirements in terms of quality of code, how it handles sensitive data, and how it interacts with the mobile environment. Testing must be in place to verify that these requirements have been met.

MASVS L2 - Defence in Depth

L2 introduces advanced security controls & is appropriate for applications that handle sensitive data. To meet this standard, security must be an integral part of application architecture and design, and a threat model must exist. Appropriate controls should be selected based on the threat model, and testing should ensure successful implementation.

MASVS R - Resilience

MASVS R (or specific parts of it) can be applied in addition to MASVS L1 or MASVS L2 security levels, verifying an application's resilience against specific, clearly defined threats and ensuring that the application cannot be tampered with.
