OWASP Mobile Application Security Verification Standard (MASVS) testing

Helping organisations design, develop, maintain, and test secure mobile applications

The OWASP Mobile Application Security Verification Standard (MASVS) is a community-driven effort to establish a framework for security requirements throughout the mobile application development lifecycle and beyond.

OWASP MASVS has three main goals:

  • To provide a security standard against which existing mobile apps can be compared
  • To provide guidance during all phases of mobile app development and testing
  • To provide a baseline for mobile app security verification

At Pentest, our testing services are designed to help you work towards the OWASP MASVS, whatever level you wish to obtain, and are based on the exact requirements of your organisation, as well as the mobile application under consideration.

which OWASP MASVS level is right for your application?

The MASVS outlines two levels of security verification (MASVS L1 & MASVS L2), as well as a set of resiliency requirements (MASVS R). Security verification levels can be used in isolation, or in combination with the resilience requirements; it all depends on the application under review and the desired grade of security.

MASVS L1 - Standard Security

This is the minimum level of security all mobile applications should look to achieve. To reach L1, a mobile application must fulfil basic requirements in terms of quality of code, how it handles sensitive data, and how it interacts with the mobile environment. A testing process must also be in place to verify that these requirements have been met.

MASVS L2 - Defence in Depth

L2 introduces advanced security controls and is appropriate for applications that handle sensitive data. To meet this standard, security must be an integral part of an application’s architecture and design, and a threat model must exist. Appropriate controls should be selected, based on the threat model, and testing should ensure these have been implemented successfully.

MASVS R - Resilience

MASVS R (or specific parts of it) can be applied in addition to L1 or L2 security levels, verifying an application’s resilience against specific, clearly defined threats and ensuring that the application cannot be tampered with.

Not sure which verification levels are right for you? We can work with you to provide the necessary advice and guidance based on the application under review.

why choose us

Our MASVS testing services are designed to support your overall information security efforts. It’s this support that truly sets us apart. Whether it’s your first test, or you’ve conducted hundreds, our team are dedicated to making the process as seamless as possible, to passing on their wealth of expertise and to delivering long-term value to you and your organisation.

experience and expertise

Our team of security consultants have years of experience and a depth of expertise in mobile application security testing. We invest significant time into security research projects, honing and developing skills which allow our consultants to deliver the best possible results for your organisation.

dedicated contact throughout

Every organisation we work with is appointed a dedicated account manager. Our account managers understand the complexity of coordinating application tests and will work with you to ensure your test runs smoothly.

testing tailored to you

No two organisations are the same and neither are our OWASP MASVS tests. We work closely with you to fully understand the mobile application in question, the security challenges, operational needs and priorities before we undertake any work.

quality reporting

Every test report undergoes an internal QA process and is peer reviewed. Our reports are designed around the OWASP MASVS requirements and the associated Mobile Application Security Checklist. Our reports provide you with a managerial overview of findings, an in-depth technical review of the tests conducted, as well as our remediation advice.

post-test support

Our job doesn’t finish on the delivery of a test report and our expert consultants will be available to answer any questions, to share their expert knowledge and to provide remediation support to internal development teams or external suppliers.

added value

Value is about more than just cost. Our value comes from scoping engagements accurately, producing detailed reports, providing your team with post-test support, imparting expert knowledge and going above & beyond the tick box deliverables used by other information security providers.

contact us

Want to find out more about our OWASP MASVS testing services? Our team are on hand to provide you with the information and support you need.