NowSecure recently celebrated three years of contributing to the OWASP Mobile App Security Project which produces globally recognized standards for secure mobile app development and mobile app security testing. The company’s industry leadership as an OWASP MAS Advocate has advanced mobile security and provided mobile application risk management solutions that align with OWASP standards to reduce risk, strengthen privacy and ensure compliance.
Led by Carlos Holguera, the OWASP MAS Project co-chair and a NowSecure principal research engineer, the NowSecure contributions to OWASP mobile security initiatives can be partially quantified by GitHub metrics:
- 320+ pull requests
- 230+ reviews
- 42,000+ additions
- 29,500+ deletions
These numbers reflect more than activity — they demonstrate leadership. NowSecure has significantly advanced OWASP MAS resources by contributing valuable content, reviewing community submissions and maintaining the overall clarity and quality of the project.
Why OWASP Mobile Application Security Matters to Security Leaders
The OWASP Mobile App Security project provides an authoritative, community-driven framework for securing mobile applications. It includes three core components that have become essential resources for mobile security leaders, practitioners and developers:
- MASVS: The Mobile Application Security Verification Standard (MASVS) defines the security controls required to secure a mobile app across different threat models.
- MASTG: The Mobile Application Security Testing Guide (MASTG) provides detailed test cases and methodologies to assess app compliance against MASVS.
- MASWE: The Mobile App Security Weakness Enumeration (MASWE) offers a structured taxonomy of known mobile security weaknesses for better vulnerability tracking and remediation.

Together, these frameworks help security leaders:
- Establish consistent, measurable mobile application security standards across internal and third-party development teams
- Align mobile application security testing with regulatory compliance requirements such as GDPR, HIPAA, PCI DSS, and CCPA
- Reduce risk exposure from mobile threats through structured verification, security assessments and remediation planning
- Enable DevSecOps and AppSec teams to shift left and implement secure coding practices earlier in the development lifecycle
“The MAS Standards help answer the critical question, ‘Have we done enough based on the business risk of the mobile app?’” says NowSecure CEO Alan Snyder. “The standards stay current through community input, enable vendor performance comparisons and provide evidence of reasonable care to auditors and regulators. Any serious mobile app risk management program should incorporate them.”
How NowSecure Supports & Contributes to OWASP MAS
As a longstanding OWASP MAS contributor and advocate, NowSecure plays a pivotal role in shaping the future of mobile security standards. As mentioned above, our team has contributed more than 320 GitHub pull requests, 230 reviews and tens of thousands of lines of additions and improvements to the MASVS, MASTG and MASWE resources.
Our contributions have influenced nearly every major evolution of the project in the past three years:
MASVS v2.0 & v2.1 Modernize Mobile AppSec Standards
In 2023, OWASP released MASVS v2.0 — a major update that introduced a simplified, modular structure with clearly defined MAS Testing Profiles to support real-world mobile risk models. NowSecure contributed technical insights, real-world testing scenarios and strategic guidance that helped refine the standard and improve its usability for mobile developers and security teams.
In early 2024, MASVS-PRIVACY v2.1 was added to address privacy and data protection risks — a contribution heavily influenced by NowSecure’s work in the financial, healthcare and high-tech sectors.
MASTG Refactor Enhances Practical Testing and Usability
The Mobile Application Security Testing Guide underwent a major refactor led in part by NowSecure. The updates included:
- Atomic Testing: Smaller, self-contained tests with clear traceability.
- Modular Framework: Separation of tests, techniques, tools, and app examples.
- Improved Searchability and Maintenance: Enabling faster onboarding and easier adoption for security analysts.
These updates ease the process of conducting audits, automating assessments and tracing findings back to MASVS controls — accelerating time-to-insight and time-to-remediation.
MASWE Maps the Mobile Threat Landscape
NowSecure contributed significantly to the MASWE, a new enumeration designed to bridge the gap between security requirements and concrete mobile weaknesses. MASWE improves the traceability between MASVS and MASTG, making it easier for teams to track vulnerabilities across the SDLC and triage risks with precision.
Test Apps and Enable Developers
To empower mobile development and security teams with hands-on experience, NowSecure supported the creation of standardized MAS Test Apps for iOS and Android. These include:
- Skeleton applications for rapid testing
- Embedded code samples to simulate vulnerabilities
- CI/CD integration through GitHub Actions
This investment helps mobile teams learn, test, and scale secure development practices in real-world environments.
Operationalize OWASP MAS with NowSecure Platform
As an enterprise leader, contributing to OWASP MAS is only part of the story. NowSecure integrated OWASP MAS standards directly into NowSecure Platform, an automated mobile app security testing solution. This enables organizations to:
- Conduct continuous testing aligned to MASVS Testing Profiles
- Automate assessments for internal, third-party and public apps
- Map findings to MASVS, MASTG and MASWE for audit-ready reports
- Support privacy testing with MASVS-PRIVACY integration
- Shift left with CI/CD and API-first integrations
This approach empowers CISOs and AppSec leaders to scale mobile app security efforts across the mobile ecosystem and rapidly release secure apps without slowing development.
Drive Strategic Mobile Security Outcomes
By contributing to and aligning with OWASP MAS, NowSecure helps CISOs, security leaders and DevSecOps leaders achieve these business objectives:
- Reduce Risk: Prevent data breaches and privacy violations
- Ensure Compliance: Meet standards like OWASP MASVS, GDPR, HIPAA, and SOC 2
- Enable DevSecOps: Embed security into the SDLC and CI/CD pipeline
- Boost Security Maturity: Establish a repeatable, scalable mobile AppSec program
- Demonstrate Leadership: Align your program with global security best practices
Partner with NowSecure to Lead in Mobile Application Security
The OWASP MAS project continues to set the global standard for mobile AppSec — and NowSecure is proud to lead the way. Our experts, tools and contributions help enterprise security leaders build and maintain resilient risk-based mobile security programs backed by proven standards.
Explore how NowSecure can help your team align with OWASP MASVS standards, automate mobile app security testing and better manage mobile app risk by requesting a NowSecure Platform demo or mobile PTaaS today.