Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

A New Framework to Automate MSTG and MASVS in Your CI/CD Pipeline

OWASP Foundation via YouTube

Overview

Explore a new framework for automating OWASP Mobile Security Testing Guide (MSTG) and Mobile Application Security Verification Standard (MASVS) in CI/CD pipelines. Learn how to address mobile security challenges in Agile and DevOps environments by implementing automated, repeatable security tests for each release. Discover techniques for detecting vulnerabilities early, improving developer understanding of security, and allowing penetration testers to focus on more sophisticated attack patterns. Examine the combination of existing penetration testing frameworks, UI automation, and Behavior-Driven Development (BDD) to create comprehensive security tests covering areas like encrypted PII, input validation, cryptography, and network security. Gain practical insights on writing, executing, and integrating these tests into CI/CD pipelines, and learn how to retrieve test results and trigger automatic tests when manual penetration tests uncover flaws.

Syllabus

Intro
Why does mobile security matter?
Agile SDLC: where and when to detect vulnerabilities?
Why do mistakes happen?
Mobile Security challenges
Introduce security integration tests
Biggest problem with tests
Solution: BDD
BDD explained: features and steps
Why BDD in security? Communication
Cucumber: the king of BDD
Translate the OWASP MSTG in BDD
Automate the UI
Execute security tests
Get Feedback
Full process in the SDLC
Setup
Target: OWASP MSTG Hacking Playground
OWASP MSTG: Testing Logs for Sensitive Data
BDD: Testing Logs for Sensitive Data
OWASP MSTG: Testing Local Storage for Sensitive Data
BDD: Testing Local Storage for Sensitive Data
Reporting
Integration in CI/CD
Benefits
References

Taught by

OWASP Foundation

Reviews

Start your review of A New Framework to Automate MSTG and MASVS in Your CI/CD Pipeline

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.