Mobile Application Security Testing (MAST) Working Group

Introduction to the Mobile Application Security Testing (MAST) Working Group

Mobile applications are becoming an integral part not just of modern enterprises but also of human existence, and a huge part of this shift is due to the emergence of cloud computing. Cloud computing allows applications to be used instantaneously, which gives the enterprise tremendous agility. This convenience is accompanied by risk management challenges that stem from a lack of transparency, leading to security concerns that include applications.

CSA released the MAST whitepaper, which defines a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and best practices in the use of mobile applications. The mobile application security testing and vetting processes used in MAST involve both static and dynamic analysis to evaluate security issues in mobile applications for platforms such as Android, iOS and Windows. These processes cover permissions, exposed communications, potentially malicious functionality, application collusion, obfuscation, excessive power consumption and traditional software vulnerabilities. Testing and vetting processes will also cover internal communications such as debug flags and activities, as well as external communications such as Global Positioning System (GPS), Bluetooth, Near Field Communication (NFC) and Global System for Mobile communication (GSM) access. Apart from mobile application security testing and vetting, a mobile application security incident response plan will also be developed.

The initiative aims to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application testing and vetting that help integrate and introduce quality control and compliance into mobile application development and management.

The initiative hopes that more research into mobile application security vetting and testing will help reduce the risk and security threats that organizations and individuals expose themselves to by using mobile applications.

PROJECT RESPONSIBILITIES

Specific fields of action of the initiative could include:

  • To develop a reference document that fits into the OCF framework/STAR
    Program and is independent from proprietary / implementation details;
  • To develop a testing / vetting toolkit (i.e. approval-rejection
    basis) for mobile applications, including a framework of controls and
    testing mechanisms based on the high level requirements included in
    the MAST white paper;
  • To determine whether CSA can develop a certification scheme for
    mobile application security;
  • To eventually develop a certification scheme for mobile application
    security to be included in the CSA STAR Program.

Mobile Application Security Testing (MAST) Working Group Leadership

Mobile Application Security Testing (MAST) Working Group Initiatives

Open Peer Reviews

Initiative Details: Mobile Application Security Testing (MAST) WG Charter
Close Date: June 25, 2018

There are no working drafts at this time.

Mobile Application Security Testing (MAST) Working Group Downloads

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research effort that aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016