OWASP Mobile Application Security Testing Guide
With Membership
Suggested price

OWASP Mobile Application Security Testing Guide


About the Book

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

The MASTG is the result of an open, crowd-sourced effort, made of the contributions of dozens of authors and reviewers from all over the world.

Note that the content in the Github repository will be updated with new content regularly and the e-book is not updated automatically. All funds raised through sales of this book go directly to OWASP and to fund production of future releases, including:

  • Editing and proofreading by professional editors for new content of the Mobile Application Security Testing Guide (MASTG) and Mobile Application Security Verification Standard (MASVS)
  • Graphic design and layout

Visit out GitHub repository for feedback, questions, or to contribute:


About the Editors

Sven Schleier
Sven Schleier

Sven made several stops at big consultant companies and small boutique firms in Germany and Singapore and became specialised in Application Security and has supported and guided software development projects for Mobile and Web Applications during the whole SDLC. Besides his day job Sven is one of the core project leaders and authors of the OWASP Mobile Security Testing Guide and OWASP Mobile Application Security Verification Standard and has created the OWASP Mobile Hacking Playground. Sven is giving talks and workshops about Mobile and Web Application Security worldwide to different audiences, ranging from developers to students and penetration testers.

Bernhard Mueller
Bernhard Mueller

Bernhard is a cyber security specialist with a talent in hacking all kinds of systems. During more than a decade in the industry, he has published many zero-day exploits for products like MS SQL Server, Adobe Flash Player, IBM Director, Cisco VOIP and ModSecurity (at a time when vulnerabilities were still released for fun but without profit). If you can name it, he has probably broken it at least once. His pioneering work in mobile security was commended with a BlackHat "Best Research" Pwnie Award.

Jeroen Willemsen
Jeroen Willemsen

Jeroen Willemsen is a Principal Security Architect at Xebia. With a love for mobile security, he has been one of the projectleaders for the OMTG project (MASV & MSTG). Jeroen is more or less a jack of all trades with interest in infrastructure security, risk management and application security.

Carlos Holguera
Carlos Holguera

Carlos Holguera is a mobile security research engineer who has gained many years of hands-on experience in the field of security testing for mobile apps and embedded systems such as automotive control units and IoT devices. He is passionate about reverse engineering and dynamic instrumentation of mobile apps and is continuously learning and sharing his knowledge.

Table of Contents



Introduction to the Mobile Security Testing Guide

Key Areas in Mobile Application Security

The OWASP Mobile AppSec Verification Standard

Navigating the Mobile Security Testing Guide

General Testing Guide

Mobile App Taxonomy

Mobile App Security Testing

Tampering and Reverse Engineering

Mobile App Authentication Architectures

Testing Network Communication

Cryptography in Mobile Apps

Testing Code Quality

Testing Application Security on Android

Android Platform Overview

Setting up a Testing Environment for Android Apps

Data Storage on Android

Android Cryptography APIs

Local Authentication in Android Apps

Android Network APIs

Android Platform APIs

Code Quality and Build Settings of Android Apps

Tampering and Reverse Engineering on Android

Android Anti-Reversing Defenses

Testing Application Security on iOS

iOS Platform Overview

Setting up a Testing Environment for iOS Apps

Data Storage on iOS

iOS Cryptography APIs

Local Authentication in iOS Apps

iOS Network APIs

iOS Platform APIs

Code Quality and Build Settings of iOS Apps

Tampering and Reverse Engineering on iOS

iOS Anti-Reversing Defenses


Testing Tools

Suggested Reading

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

80% Royalties. Earn $16 on a $20 book.

We pay 80% royalties. That's not a typo: you earn $16 on a $20 sale. If we sell 5000 non-refunded copies of your book or course for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earnedover $13 millionwriting, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub