OWASP Mobile Security Testing Guide - 1.1.3 Release
OWASP Mobile Security Testing Guide - 1.1.3 Release
Minimum price
Suggested price
OWASP Mobile Security Testing Guide - 1.1.3 Release

This book is 90% complete

Last updated on 2019-08-05

About the Book

The Mobile Security Testing Guide (MSTG) is a proof-of-concept for an unusual security book. It is the result of an open, crowd-sourced effort, made of the contributions of dozens of authors and reviewers from all over the world.

With the MSTG, we aim to create best practices for mobile security, along with a comprehensive set of security test cases to verify them. The best practices and test cases are packaged into beginner friendly, complete and practical guide to mobile app security testing and reverse engineering.

With this first release we publish content from our GitHub repository that is useful for Android and iOS security testers. Note however that the content in the Github repository will be updated with new content regularly and the e-book is not updated automatically. Feel free to download it for $0 or contribute any amount you like. All funds raised through sales of this book go directly into the project budget and will be used to fund production of future releases, including:

  • Editing and proofreading by professional editors for new content of the Mobile Security Testing Guide and Mobile AppSec Verification Standard
  • Graphic design and layout
  • Purchase an ISBN

Visit out GitHub repository for feedback, questions, or becoming an author:


About the Authors

Sven Schleier
Sven Schleier

Sven is an application security expert with over 8 years of hands-on experience in web and mobile penetration testing, network penetration testing and source code review and is leading the penetration testing team for Vantage Point Security in Singapore. 

He is an experienced Security Architect and Application Security subject matter expert that has supported and guided software development projects for Web Application, iOS and Android Apps during the whole SDLC. 

He is one of the core project leaders and authors for the OWASP Mobile Security Testing Guide, he has created the OWASP Mobile Hacking Playground and is the project leader of the OWASP Mobile Application Security Verification Standard. Bernhard Mueller and Sven presented their work during the OWASP AppSec EU 2017 in Belfast and were also organising and executing the Mobile Security Workshop at the OWAPS Summit 2017 in London. 

Sven is giving workshops about Web and Mobile Application Security and Burp Suite Professional to security folks and developers. He also hosted hands-on workshops about Web Application Security for University students in Singapore. He has published an article on HTML5 security, several security advisories and a white paper about the HTTP Strict Transport Security Header.

Bernhard Mueller
Bernhard Mueller

Bernhard is a cyber security specialist with a talent in hacking all kinds of systems. During more than a decade in the industry, he has published many zero-day exploits for products like MS SQL Server, Adobe Flash Player, IBM Director, Cisco VOIP and ModSecurity (at a time when vulnerabilities were still released for fun but without profit). If you can name it, he has probably broken it at least once. His pioneering work in mobile security was commended with a BlackHat "Best Research" Pwnie Award.

Jeroen Willemsen
Jeroen Willemsen

Jeroen Willemsen is a Principal Security Architect at Xebia. With a love for mobile security, he recently became one of the projectleaders for the OMTG project (MASV & MSTG). Jeroen is more or less a jack of all trades with interest in infrastructure security, risk management and application security.

Table of Contents



Introduction to the Mobile Security Testing Guide

Key Areas in Mobile Application Security

The OWASP Mobile AppSec Verification Standard

Navigating the Mobile Security Testing Guide

General Testing Guide

Mobile App Taxonomy

Mobile App Security Testing

Tampering and Reverse Engineering

Mobile App Authentication Architectures

Testing Network Communication

Cryptography in Mobile Apps

Testing Code Quality

Testing Application Security on Android

Android Platform Overview

Setting up a Testing Environment for Android Apps

Data Storage on Android

Android Cryptography APIs

Local Authentication in Android Apps

Android Network APIs

Android Platform APIs

Code Quality and Build Settings of Android Apps

Tampering and Reverse Engineering on Android

Android Anti-Reversing Defenses

Testing Application Security on iOS

iOS Platform Overview

Setting up a Testing Environment for iOS Apps

Data Storage on iOS

iOS Cryptography APIs

Local Authentication in iOS Apps

iOS Network APIs

iOS Platform APIs

Code Quality and Build Settings of iOS Apps

Tampering and Reverse Engineering on iOS

iOS Anti-Reversing Defenses


Testing Tools

Suggested Reading

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms

Free Updates. Free App. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets), MOBI (for Kindle) and in the free Leanpub App (for Mac, Windows, iOS and Android). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

Authors, publishers and universities use Leanpub to publish amazing in-progress and completed books and courses, just like this one. You can use Leanpub to write, publish and sell your book or course as well! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub