Cloud Security Alliance Releases Mobile Application Security Testing Initiative

White Paper Ready for Peer Review

SINGAPORE – December 2, 2015 - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Mobile Application Security Testing Working Group has released a new white paper that incorporates elements from NIST’s SP 800-163, ISO 27034, and Domain 10 of CSA’s Security Guidance (Application Security), as well as other best practices documents.

The project aims to create a more secure cloud ecosystem to protect mobile applications. Engineering methods are established by system protection and applied to the structure, design testing, and review of applications. These assist in integration and introduce security, quality control, and compliance evidence into mobile application development and management.

The current version uses Special Publication 800-163 as the basis for determining the classification level for basic security vetting specifications. Security classification is divided into three categories. Level C has 40 items; any single violation results in a one-point deduction. Consecutive violations of certain Level C items are escalated to a Level B violation. The same rule applies similarly to Level A.

The vetting benchmark provides third-party institutions with related application security vetting, vetting result analysis, and security risk assessment for mobile apps, along with their corresponding security level rating, by which mobile app security levels are perfected.

The vetting standard complies with CSA’s Mobile APP Security Testing and Vetting (MAST) to provide the necessary security vetting items and benchmarks for mobile apps. It can be applied to the common functionalities of mobile apps that are not domain-specific, to ensure that the tested mobile app conforms to the security classification and corresponding security requirements of the Mobile APP Basic Information Security Specifications. It is suggested that the differences between this vetting standard and the information security specifications required by the functionalities of domain-specific mobile apps be researched and written up in later revised versions.

The project wishes to conduct more research in mobile application security vetting; these efforts help organizations and individuals reduce the possible risk exposures and security threats involved in using mobile applications.

Learn more

If you wish to contribute your opinions and comments, put them in this document and send it back to us at [email protected]. Please remember to fill in your name, organization and email when making your contributions so that you can be properly recognized as one of the contributors to the white paper.

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.


Kari Walker
ZAG Communications
[email protected]
