The OWASP Mobile Security Testing Guide (MSTG) is a comprehensive manual for testing the security of mobile apps. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS). The MSTG is meant to provide a baseline set of test cases for static and dynamic security tests, and to help ensure completeness and consistency of the tests.
OWASP thanks the many authors, reviewers, and editors for their hard work in developing this guide. If you have any comments or suggestions on the Mobile Security Testing Guide, please join the discussion around MASVS and MSTG in the OWASP Mobile Security Project Slack Channel https://owasp.slack.com/messages/project-mobile_omtg/details/. You can sign up here:
Copyright © 2017 The OWASP Foundation. This document is released under the Creative Commons Attribution ShareAlike 3.0 license. For any reuse or distribution, you must make clear to others the license terms of this work.
Note: This table is generated based on the contribution log, which can be found under https://github.com/OWASP/owasp-mstg/graphs/contributors. For more details, see the GitHub Repository README under https://github.com/OWASP/owasp-mstg/blob/master/README.md. Note that this isn't updated in real time (yet) - we do this manually every few weeks, so don't panic if you're not listed immediately.
| Project Leaders and Authors | Co-Authors | Top Contributors | Contributors | Reviewers |
|---|---|---|---|---|
| Bernhard Mueller, Sven Schleier | Romuald Szkudlarek, Francesco Stillavato, Pawel Rzepa, Abdessamad Temmar, Slawomir Kosowski | Jin Kung Ong, Alexander Antukh, Jeroen Willemsen, Henry Hoggard, Gerhard Wagner, Ryan Teoh, Daniel Ramirez Martin, Claudio André, Prathan Phongthiproek, Luander Ribeiro | Michael Helwig, Oguzhan Topgul, Pishu Mahtani, D00gs, Stefan Streichsbier, Ben Actis, Anatoly Rosencrantz, Ali Yazdani, Sebastian Banescu, Prabhant Singh, Romantic668, Stephen Corbiaux, Demonbensa, Anuruddha (L3Osi13nT), Ben Gardiner | Anant Shrivastava, Stephanie Vanroelen |
The Mobile Security Testing Guide was initiated by Milan Singh Thakur in 2015. The original document was hosted on Google Drive. Guide development was moved to GitHub in October 2016.
OWASP MSTG "Beta 2" (Google Doc)
| Authors | Reviewers | Top Contributors |
|---|---|---|
| Milan Singh Thakur, Abhinav Sejpal, Blessen Thomas, Dennis Titze, Davide Cioccia, Pragati Singh, Mohammad Hamed Dadpour, David Fern, Mirza Ali, Rahil Parikh, Anant Shrivastava, Stephen Corbiaux, Ryan Dewhurst, Anto Joseph, Bao Lee, Shiv Patel, Nutan Kumar Panda, Julian Schütte, Stephanie Vanroelen, Bernard Wagner, Gerhard Wagner, Javier Dominguez | Andrew Muller, Jonathan Carter, Stephanie Vanroelen, Milan Singh Thakur | Jim Manico, Paco Hope, Pragati Singh, Yair Amit, Amin Lalji, OWASP Mobile Team |
OWASP MSTG "Beta 1" (Google Doc)
| Authors | Reviewers | Top Contributors |
|---|---|---|
| Milan Singh Thakur, Abhinav Sejpal, Pragati Singh, Mohammad Hamed Dadpour, David Fern, Mirza Ali, Rahil Parikh | Andrew Muller, Jonathan Carter | Jim Manico, Paco Hope, Yair Amit, Amin Lalji, OWASP Mobile Team |