How the Latest MASVS and MSTG Specs Enhance Mobile Penetration Testing

OWASP Foundation via YouTube

Overview

Explore the latest OWASP Mobile Application Security Verification Standard (MASVS) and Mobile Security Testing Guide (MSTG) specifications in this 44-minute conference talk. Dive into the pervasive nature of mobile risk and the unique security challenges posed by mobile platforms. Learn how to effectively leverage OWASP mobile projects, understand the mobile attack surface, and navigate changes in platform interaction and data storage. Discover best practices for testing network security, authentication, and session management on mobile devices. Gain insights into setting security policies, distinguishing between security and privacy concerns, and integrating security into your software development lifecycle. Explore a curated list of open-source tools and utilize the Mobile AppSec Testing Checklist to enhance your mobile application security testing approach.

Syllabus

Intro
Mobile Powers the World, But Mobile Risk is Pervasive
Mobile Security Challenges by the Numbers
Web & Mobile are Fundamentally Different
Understand the Mobile Attack Surface
Understand the Anatomy of a Mobile Attack
Get started on the right path
Leverage OWASP Mobile Project
Use all Your Senses
Learn the Mobile Attack Surface
Changes in MASVS - Platform Interaction
Sensitive data leaks like an overfilled drink
Changes in MASVS - Data Storage
Don't cringe at client-side security controls
Test network on mobile
Don't water down auth & session mgmt
The order matters: Test first, then resilience
Framework for Setting Policy
Don't mix up Security & Privacy, Not the Same
The flavor palate varies widely
Buy a dev a drink, and they might buy you one too
Tony's Mobile Top Ten Recipe
Summary Recommendations
A Sampling of OSS Tools
Leverage Mobile AppSec Testing Checklist
Build Security Into Your SDLC

Taught by

OWASP Foundation
