Mobile Security (Track)

Working Sessions related to Mobile Security

Organizer(s): Bernhard Mueller, Sven Schleier

Participant(s): Denis Pilipchuk, Naushad, Bolot Kerimbaev, Jeroen Willemsen, Marc Rimbau, Kuai Hinojosa (remotely), Ade Yoseman Putra (remotely), Carlos Holguera, Akanksha Bana (remotely)


This track focuses on mobile application security. It is organised by the project leaders of the OWASP Mobile Security Testing Guide project. The focus of this track is completing the OWASP Mobile Security Testing Guide.

If you are interested in setting the industry standard for mobile application security, this is the place to be.

Working Sessions

This track consists of a series of book sprints, each of which focuses on producing content for a specific section in the OWASP MSTG, as well as proof-reading and editing the existing content. The goal is to make as much progress on the guide as is humanly possible. Depending on the number of participants, we’ll split into sub-groups to work on different subsections or topic areas.

How to Join

Join up for the working session(s) you like by following the link(s) on top of this page, then hitting the “Edit this page here” link at the bottom, and adding yourself to the “participants” field. Signing up is not mandatory, but helps us to better organize the sessions. Don’t worry though if your favorite topic is on the “wrong” day - you can always simply stop by our session and we’ll brief you on your topic of choice. After all, this is the Woodstock of appsec!

More things to do once you have signed up:

  • Make yourself familiar with the existing content. Or even better, start contributing right away :)
  • Ping us on the OWASP MSTG Slack channel (sushi2k or bernhardm).
  • If you have rooted Android / jailbroken iOS devices, please bring them along to the session.

About the OWASP Mobile Security Testing Project

Our project produces two key documents: a security standard for mobile apps, and a testing guide that augments the requirements in the security standard with detailed, OS-specific test cases and secure coding recommendations. Note that our project is not related to the OWASP Mobile Top 10.

The Mobile Security Testing Guide (MSTG)

The MSTG is a comprehensive guide for iOS and Android mobile security testers. It covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.

The Mobile App Security Verification Standard (MASVS)

The MASVS is a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, and security testers can use it to ensure completeness and consistency of test results. This document has already undergone several revisions and is relatively mature. The latest release is available in [PDF format](


The target audience for this Working Session is:

  • Developers
  • Security Testers
  • Reverse Engineers
  • Everyone else with good writing skills and some technical know-how :)

Edit this page here