OWASP Mobile Application Security Verification Standard (MASVS)

Helping organisations design, develop, maintain, and test secure mobile applications

The OWASP Mobile Application Security Verification Standard (MASVS) is a community-driven effort to establish a framework for security requirements throughout the mobile application development lifecycle and beyond.

OWASP MASVS has three main goals:

  • To provide a security standard against which existing mobile apps can be compared
  • To provide guidance during all phases of mobile app development and testing
  • To provide a baseline for mobile app security verification

At Pentest, our testing services are designed to help you work towards the OWASP MASVS, whatever level you wish to obtain, and are based on the exact requirements of your organisation, as well as the mobile application under consideration.

Which OWASP MASVS level is right for your application?

The MASVS outlines two levels of security verification (MASVS L1 & MASVS L2), as well as a set of resiliency requirements (MASVS R). Security verification levels can be used in isolation or in combination with the resilience requirements; it all depends on the application under review and the desired grade of security.

MASVS L1 - Standard Security

This is the minimum level of security all mobile applications should look to achieve. To reach L1, a mobile application must fulfil basic requirements in terms of quality of code, how it handles sensitive data, and how it interacts with the mobile environment. A testing process must also be in place to verify that these requirements have been met.

MASVS L2 - Defence in Depth

L2 introduces advanced security controls and is appropriate for applications that handle sensitive data. To meet this standard, security must be an integral part of an application's architecture and design, and a threat model must exist. Appropriate controls should be selected, based on the threat model, and testing should ensure these have been implemented successfully.

MASVS R - Resilience

MASVS R (or specific parts of it) can be applied in addition to L1 or L2 security levels, verifying an application’s resilience against specific, clearly defined threats and ensuring that the application cannot be tampered with.

Not sure which verification levels are right for you? We can work with you to provide the necessary advice and guidance based on the application under review.

Why choose us

Our MASVS testing services are designed to support your overall information security efforts. It's this support that truly sets us apart. Whether it's your first test or you've conducted hundreds, our team are dedicated to making the process as seamless as possible, passing on their wealth of expertise and delivering long-term value to you and your organisation.

  • Information security testing experts since 2001
  • Dedicated account management
  • Testing tailored to your organisation
  • Comprehensive, quality assured reporting
  • Unrivalled post-test support

Contact us

Want to find out more about our OWASP MASVS testing services? Our team are on hand to provide you with the information and support you need. Please fill out the form below and a member of our team will be in touch shortly.
