Lunch & Learn: Securing Mobile Apps with the OWASP MASVS and MSTG

Securing Mobile Apps with the OWASP MASVS and MSTG

There are numerous ways of developing mobile apps today, but how do you ensure that security is part of the development process? What are the attacks you should be concerned about and what can you do to avoid being an easy target? If you don't want to miss anything, leveraging a standard is essential. The Mobile Application Security Verification Standard (MASVS) offers exactly that. It works together with the agile written Mobile Security Testing Guide (MSTG) to help you understand the attack surface of mobile apps, how to exploit them and how to protect them. Both resources are crafted and are curated by a team of numerous experts and community contributors.

In this talk we will make a deep dive into the upcoming changes and the transitioning into the MASVS version 2.0. We'll share the current status of the refactoring of the OWASP MASVS and the MSTG and what we were able to automate to get rid of manual processes and have more time focusing on the content!

Speaker Bio:
Carlos Holguera is a Mobile Security Research Engineer working with NowSecure and one of the core project leaders and authors of the OWASP Mobile Security Testing Guide and OWASP Mobile Application Security Verification Standard. Carlos has gained many years of hands-on experience in the field of security testing for mobile apps and embedded systems such as automotive control units and IoT devices. He is passionate about reverse engineering and dynamic instrumentation of mobile apps and is continuously learning and sharing his knowledge.