Mobile Application Security Testing (MAST) Working Group
Introduction to the Mobile Application Security Testing (MAST) Working Group
Mobile applications are becoming an integral part not just of modern enterprises but of human existence, and a large part of this shift is due to the emergence of cloud computing. Cloud computing allows applications to be used instantaneously, which gives the enterprise tremendous agility. This convenience comes with risk management challenges caused by a lack of transparency, leading to security concerns that extend to applications.
CSA released the MAST whitepaper, which defines a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and best practices in the use of mobile applications. The mobile application security testing and vetting processes used in MAST involve both static and dynamic analysis to evaluate security issues in mobile applications for platforms such as Android, iOS and Windows. These processes cover permissions, exposed communications, potentially malicious functionality, application collusion, obfuscation, excessive power consumption and traditional software vulnerabilities. Testing and vetting processes will also cover internal communications such as debug flags and activities, as well as external communications such as Global Positioning System (GPS), Bluetooth, Near Field Communication (NFC) and Global System for Mobile communication (GSM) accesses. Apart from mobile application security testing and vetting, a mobile application security incident response plan will also be developed.
The initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application testing and vetting that help integrate and introduce quality control and compliance into mobile application development and management.
The initiative hopes that more research into mobile application security vetting and testing will help reduce the risk and security threats that organizations and individuals expose themselves to by using mobile applications.
Specific fields of action of the initiative could include:
- To develop a reference document that fits into the OCF framework/STAR
Program and is independent from proprietary / implementation details;
- To develop a testing / vetting toolkit (i.e. approval-rejection
basis) for mobile applications, including a framework of controls and
testing mechanisms based on the high level requirements included in
the MAST white paper;
- To determine whether CSA can develop a certification scheme for
mobile application security;
- To eventually develop a certification scheme for mobile application
security to be included in the CSA STAR Program.
Mobile Application Security Testing (MAST) Working Group Leadership
Mobile Application Security Testing (MAST) Working Group Initiatives
Open Peer Reviews
|Initiative Details||Close Date|
|June 25, 2018||Contribute now|
There are no working drafts at this time.
Mobile Application Security Testing (MAST) Working Group Downloads
The Mobile Application Security Testing (MAST) Initiative is a research initiative that aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…
Release Date: June 30, 2016