This is the official GitHub repository of the OWASP Mobile Security Testing Guide (MSTG). The MSTG is a comprehensive manual for testing the security of mobile apps. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). The MSTG is meant to provide a baseline set of test cases for black-box and white-box security tests, and to help ensure completeness and consistency of the tests.
To report an error or suggest an improvement, please create an issue.
Please read the author's guide first if you want to contribute.
The MSTG is an open source effort and we welcome contributions and feedback. To discuss the MASVS or MSTG, join the OWASP Mobile Security Project Slack Channel. You can sign up here: