Mobile Application Security Testing (MAST) Working Group

Introduction to the Mobile Application Security Testing (MAST) Working Group

Mobile applications are becoming an integral part of not just modern enterprises but also of human existence, and a huge part of this shift is due to the emergence of cloud computing. Cloud computing has allowed for the instantaneous utilization of applications, which imparts tremendous agility to the enterprise. Accompanying such convenience are risk management challenges due to a lack of transparency, leading to security concerns that include applications.

CSA released the MAST whitepaper, which defines a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and best practices in the use of mobile applications. Mobile application security testing and vetting processes utilized through MAST involve both static and dynamic analyses to evaluate security issues of mobile applications for platforms such as Android, iOS and Windows. These processes cover permissions, exposed communications, potentially malicious functionality, application collusion, obfuscation, excessive power consumption and traditional software vulnerabilities. Testing and vetting processes will also cover internal communications such as debug flags and activities, as well as external communications such as Global Positioning System (GPS), Bluetooth, Near Field Communication (NFC) and Global System for Mobile communication (GSM) accesses. Apart from mobile application security testing and vetting, a mobile application security incident response plan will also be developed.

The initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application testing and vetting that help integrate and introduce quality control and compliance to mobile application development and management.

The initiative hopes that more research into mobile application security vetting and testing will help reduce the risk and security threats that organizations and individuals expose themselves to by using mobile applications.

PROJECT RESPONSIBILITIES

Specific fields of action of the initiative could include:

  • To develop a reference document that fits into the OCF framework/STAR
    Program and is independent from proprietary / implementation details;
  • To develop a testing / vetting toolkit (i.e. approval-rejection
    basis) for mobile applications, including a framework of controls and
    testing mechanisms based on the high level requirements included in
    the MAST white paper;
  • To determine whether CSA can develop a certification scheme for
    mobile application security;
  • To eventually develop a certification scheme for mobile application
    security to be included in the CSA STAR Program.

Mobile Application Security Testing (MAST) Working Group Leadership

Mobile Application Security Testing (MAST) Co-chairs

Henry Hu

Henry Hu has over 20 years of experience in the cyber security industry, with expertise in security data analytics, malware analysis, digital forensics and audit, and is one of the few who has expertise in both cyber security and big data.

With experience across different projects, including financial institutions' security framework and product integration, SOC installation and operation, database and ISO audit, and secured Hadoop planning and installation, he is currently researching rapid security data analytics and alternative data visualization for security data. Mr. Hu is currently the CTO of Auriga Security, Inc, a Board Member of the Cloud Security Alliance Taiwan Chapter, and Chief Research Officer for the OWASP Taiwan Chapter.

Li Yao

Li Yao is the head of the R&D Department at CEPREI Certification Body. He graduated from the University of Edinburgh with a master’s degree in Signal Processing and Communication. He leads a team that developed the CSA C-STAR Assessment together with CSA experts.

He has more than 10 years of information security and IT experience, helping several Fortune China 500 enterprises architect cloud security and auditing leading companies such as Huawei, Inspur and Pingan to improve their security management. He was awarded the 2015 Cloud Security Ninja Award by the Cloud Security Alliance for his contributions to cloud security research. He is a member of ISO CASCO WG45, a CCSK, CCSSP, CSACT, ITIL and ISO/IEC 27001 auditor, ISO 22301 auditor, ISO 9000 auditor.

Mobile Application Security Testing (MAST) Working Group Initiatives

Please contact Mobile Application Security Testing (MAST) Working Group Leadership for more information.

Mobile Application Security Testing (MAST) Working Group Downloads

Mobile Application Security Testing (MAST) – Charter

Description: Mobile applications are becoming an integral part of not just modern enterprises but also of human existence, and a huge part of this shift is due to the emergence of cloud computing. Cloud computing has allowed for the instantaneous utilization of applications, which imparts tremendous agility to the enterprise.

Release Date: July 24, 2018

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research effort which aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016