OWASP Mobile Security Testing Guide

• A general understanding of mobile app development lifecycle
• Experience in mobile application development, security, and testing

Audience

• Developers
• Engineers
• Architects

The Mobile Security Testing Guide (MSTG) is a community-led, open-source testing resource that provides a comprehensive guide covering the processes, techniques, and tools used during security testing for mobile applications and services. The Open Web Application Security Project (OWASP) Foundation and its online community continuously develop the MSTG.

This instructor-led, live training (online or onsite) is aimed at developers, engineers, and architects who wish to apply the MSTG testing principles, processes, techniques, and tools to secure their mobile applications and services.

By the end of this training, participants will be able to:

• Explore testing techniques to strategize an effective security testing implementation in the development lifecycle.
• Perform testing techniques to test general vulnerabilities and risks in mobile apps.
• Run various security testing processes to secure their Android and iOS mobile applications.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Introduction

Overview of the OWASP Mobile Security Testing Guide

• Key areas in mobile app security
• The OWASP Mobile AppSec Verification Standard (MASVS)
• Navigating the guide
• Mobile app taxonomy

Understanding Mobile App Security Testing Basics

• Mobile app security checklist
• Testing principles
• Setting testing objectives
• Development lifecycle security testing

Running General Testing Techniques for Mobile Apps

• Authentication architectures
• Testing network and cryptography
• Testing code quality
• Tampering and reverse engineering
• Mobile app user interaction

Exploring Android and iOS Platforms

• Android platform overview
• Data storage on Android
• iOS platform overview
• Data storage on iOS

Performing Security Testing for Android

• Android basic security testing
• Testing data storage
• Local authentication
• Android APIs (cryptographic, network, and platform)
• Code quality and build settings for apps
• Tampering and reverse engineering
• Anti-reversing defenses

Performing Security Testing for iOS

• iOS basic security testing
• Testing data storage
• iOS APIs (cryptographic, network, and platform)
• Code quality and build settings for apps
• Tampering and reverse engineering
• Anti-reversing defenses

Contributing to the MSTG Community

• Reading the MSTG
• Contribution guide
• Feature requests and feedback

Summary and Conclusion