Highly regulated and strongly branded organizations, and organizations that embrace industry standards, should ensure that their mobile apps comply with the OWASP Mobile Application Security Verification Standard (MASVS) security requirements. To support these needs, NowSecure recently expanded its expert mobile application penetration tests to offer OWASP MASVS compliance and incorporated OWASP MASVS findings into NowSecure Platform software for automated mobile application security testing.
Launched in 2013 and most recently updated in 2022, the OWASP Mobile Application Security Project has driven standards-based security requirements and testing strategies for close to a decade. Used by mobile app developers, security teams and security researchers, the OWASP Mobile Application Security Project comprises a trifecta of resources to reduce risk in mobile apps:
- OWASP Mobile Application Security Verification Standard (MASVS) establishes a baseline of security requirements for mobile apps
- OWASP Mobile Application Security Testing Guide (MASTG) outlines how to test the MASVS requirements
- OWASP Mobile Application Security Checklist tracks security assessment tasks
The Importance of OWASP
“The OWASP MASVS and MASTG are the foundation of a mobile appsec program,” says Carlos Holguera, OWASP project lead and NowSecure security researcher. “The MASVS guides developers and security analysts on architecture, threat modeling and proper techniques to secure mobile data. The MASTG has hundreds of tests you should perform and there are many nuances and edge cases to consider.”
“Without the right expertise it can be tough to effectively achieve full MASVS compliance,” Holguera notes. “Having security professionals you can trust is essential.” Tapping unparalleled mobile-focused expertise, NowSecure Services delivers the world’s most comprehensive mobile penetration testing to uncover and help remediate security, privacy and compliance risks in mobile apps. NowSecure customizes its mobile application pen tests to a particular app’s risk profile and security requirements, collaborating with clients to ensure success.
Deep, Dedicated Experience
Over the past decade, the NowSecure Services team has performed more than 10,000 mobile app pen tests across a wide variety of mobile apps and industries. In particular, many customers seek third-party validation of the security of highly regulated or sensitive apps: those that contain personally identifiable information (PII) or unique intellectual property (IP), mobile-connected IoT apps, and apps that are a brand-new release or major update. Smaller companies and those that lack the in-house staff or skills to conduct expert manual security assessments also regularly rely on NowSecure for expert mobile app pen tests.
Priding itself on excellent customer service, NowSecure offers a full complement of mobile penetration testing services, including rapid, targeted and full-scope tests, as well as certifications such as ioXt certification for IoT-connected mobile apps and National Information Assurance Partnership (NIAP) compliance for the mobile app protection profile. Today NowSecure adds OWASP MASVS mobile pen test services to the list of available expert-led certifications.
NowSecure pen testing services have long empowered mobile-first organizations, mobile app developers and mobile app security teams to release secure mobile apps. The pen tests follow a rigorous methodology that includes assessment kickoff, customer policy review, industry compliance review, threat modeling, comprehensive app analysis, customized reporting, results walkthrough, remediation collaboration and retest to confirm validated remediation.
“We are proud to add OWASP MASVS compliance to our mobile app penetration testing services lineup,” says Michael Krueger, senior director of application security for NowSecure.
“Our world-class team boasts unmatched expertise and looks forward to partnering with customers to demonstrate their mobile apps comply with the gold standard for mobile appsec.”
MASVS & MASTG
NowSecure has contributed to the OWASP mobile project since its inception, with NowSecure practitioners collaborating on spec evolution and tooling while the company serves as an OWASP “god mode” sponsor for the OWASP MASVS. NowSecure practitioners collaborate with OWASP to evolve the standard as the mobile security landscape changes and to enable continuous integration with the standard, not only at the requirements level but also at the MASTG test level. For example, NowSecure is currently involved in the MASVS refactoring community effort to develop the next major version of the standard. NowSecure is committed to continuously upgrading its products and services to include the latest advancements coming straight from the MASVS and the MASTG.
The MASTG encourages the use of automated tools such as NowSecure Platform to perform static and dynamic analysis of mobile app binaries. In addition to launching OWASP MASVS mobile penetration testing, NowSecure recently enhanced NowSecure Platform with all relevant MASVS findings to enable mobile app security and development teams to automate testing for standards compliance. NowSecure Platform provides cloud-based automated mobile app security testing for on-demand and DevSecOps continuous testing scenarios and delivers a battery of more than 600 automated mobile app tests.
Together, NowSecure Services and NowSecure Platform empower organizations to confidently build and deploy secure mobile apps faster. Download our mobile penetration testing provider evaluation checklist to discover more about what to look for in an OWASP MASVS mobile pen test, request your own mobile pen testing consultation, or get a NowSecure Platform demo to see how the findings map to the OWASP MASVS.