← Frameworks / Security Standard

OWASP Mobile Application Security Verification Standard v2.1

Community-driven verification standard for mobile application security. 24 requirements across 8 groups: storage, cryptography, authentication, network communication, platform interaction, code quality, resilience, and privacy. Covers both iOS and Android with testable requirements mapped to the OWASP Mobile Application Security Testing Guide (MASTG). Widely adopted by mobile development teams, penetration testers, and security architects as the baseline for mobile app security assessments.

Clauses: 24

Avg Coverage: 73.3%

Publisher: OWASP Foundation Version: 2.1 (2024)

OWASP MASVS v2.1 → SP 800-53 SP 800-53 → OWASP MASVS v2.1 Coverage Analysis

Clause	Title	SP 800-53 Controls
MASVS-AUTH-1	The app uses secure authentication and authorization protocols and follows the relevant best practices	IA-02 IA-05 AC-03 IA-08 SC-23
MASVS-AUTH-2	The app performs local authentication securely	IA-02 IA-05 IA-07 SC-13 AC-07
MASVS-AUTH-3	The app secures sensitive operations with additional authentication	IA-10 AC-03 IA-02 IA-11 SC-23
MASVS-CODE-1	The app requires an up-to-date platform version	SI-02 CM-06 SA-22 CM-02
MASVS-CODE-2	The app has a mechanism for enforcing app updates	SI-02 CM-03 SA-22 CM-02
MASVS-CODE-3	The app only uses software components without known vulnerabilities	RA-05 SI-02 SA-11 SR-03 CM-08
MASVS-CODE-4	The app validates and sanitizes all untrusted inputs	SI-10 SI-16 SA-11 SC-18
MASVS-CRYPTO-1	The app employs current strong cryptography and uses it according to industry best practices	SC-13 SC-12 SA-08 CM-06
MASVS-CRYPTO-2	The app performs key management according to industry best practices	SC-12 SC-17 SA-08 CM-06
MASVS-NETWORK-1	The app secures all network traffic according to the current best practices	SC-08 SC-13 SC-23 AC-17 SC-07
MASVS-NETWORK-2	The app performs identity pinning for all remote endpoints under the developer's control	SC-08 SC-17 SC-23 IA-05
MASVS-PLATFORM-1	The app uses IPC mechanisms securely	AC-04 SC-07 AC-03 CM-07 SI-10
MASVS-PLATFORM-2	The app uses WebViews securely	SI-10 SC-07 CM-07 SA-11 AC-04
MASVS-PLATFORM-3	The app uses the user interface securely	SC-04 AC-04 SI-11 PE-18
MASVS-PRIVACY-1	The app minimizes access to sensitive data and resources	PT-02 PM-25 AC-06 AC-03 PT-03
MASVS-PRIVACY-2	The app prevents identification of the user	PT-02 PT-06 PM-25 SA-08
MASVS-PRIVACY-3	The app is transparent about the collection and use of data	PT-04 PT-05 PT-03 PL-04
MASVS-PRIVACY-4	The app offers user control over their data	PT-04 PT-05 PT-06 AC-03 PT-03
MASVS-RESILIENCE-1	The app validates the integrity of the platform	SI-07 SI-06 SA-11 CM-14
MASVS-RESILIENCE-2	The app implements anti-tampering mechanisms	SI-07 SA-08 CM-14 SC-13
MASVS-RESILIENCE-3	The app implements anti-static analysis mechanisms	SA-08 SI-07 SC-13
MASVS-RESILIENCE-4	The app implements anti-dynamic analysis mechanisms	SA-08 SI-07 SC-13 SI-04
MASVS-STORAGE-1	The app securely stores sensitive data	SC-28 SC-12 SC-13 MP-06 AC-03
MASVS-STORAGE-2	The app prevents leakage of sensitive data	SC-04 SI-11 AU-02 AC-04 SC-28