Clarification on MASTG Test Selection and Level Dependencies (L1/L2) #2833

carloddt-oss · 2024-07-19T08:38:56Z

carloddt-oss
Jul 19, 2024

Hello and sorry in advance if this is a dumb question, but I'm struggling to figure out how to interpret some info from the MASTG.
When I select a test from the official link, there's another list of tests that pops up on the left menu (see the following image for clarity)

.
For example, if I select the MASTG-TEST-0001 test from the official link https://mas.owasp.org/MASTG/tests/android/MASVS-STORAGE/MASTG-TEST-0001/ on the left, I'll see these additional tests:

MASTG-TEST-0003: Testing Logs for Sensitive Data
MASTG-TEST-0004: Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services
MASTG-TEST-0005: Determining Whether Sensitive Data Is Shared with Third Parties via Notifications
MASTG-TEST-0006: Determining Whether the Keyboard Cache Is Disabled for Text Input Fields
MASTG-TEST-0009: Testing Backups for Sensitive Data
MASTG-TEST-0011: Testing Memory for Sensitive Data
MASTG-TEST-0012: Testing the Device-Access-Security Policy

Are these tests "mandatory", just suggestions, or do they vary based on the L1 and L2 levels?
If they depend on the L1 and L2 levels, how do I know when and which ones to select based on the needs?
Thanks for any answers!

Answered by cpholguera

Aug 16, 2024

Hi @carloddt-oss and sorry for the late reply. It looks like you've selected an Android test from the MASVS-STORAGE category. If you scroll up, you'll see MASVS-STORAGE in the menu. The list you're looking at is the complete list of MASTG v1 tests related to MASVS-STORAGE. You can open the checklist view to see the levels.

https://mas.owasp.org/checklists/MASVS-STORAGE/

Note that these levels are only for MASVS V1 and are only for the transition period. You can of course use them.

We're currently on MASVS V2 and have started working on the new MASTG V2 tests, which are now available here:

https://mas.owasp.org/MASTG/tests-beta/

The list is small at the moment, but will grow as the year pr…

View full answer

cpholguera · 2024-08-16T18:39:28Z

cpholguera
Aug 16, 2024
Maintainer

Hi @carloddt-oss and sorry for the late reply. It looks like you've selected an Android test from the MASVS-STORAGE category. If you scroll up, you'll see MASVS-STORAGE in the menu. The list you're looking at is the complete list of MASTG v1 tests related to MASVS-STORAGE. You can open the checklist view to see the levels.

https://mas.owasp.org/checklists/MASVS-STORAGE/

Note that these levels are only for MASVS V1 and are only for the transition period. You can of course use them.

We're currently on MASVS V2 and have started working on the new MASTG V2 tests, which are now available here:

https://mas.owasp.org/MASTG/tests-beta/

The list is small at the moment, but will grow as the year progresses. Of course, we'll be porting all the V1 tests to this new style, which will improve their content and quality. Also be sure to check out the new demos available for the new tests, they're very insightful.

If you have any other questions, I'll be happy to help.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Clarification on MASTG Test Selection and Level Dependencies (L1/L2) #2833

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

Select a reply

Clarification on MASTG Test Selection and Level Dependencies (L1/L2) #2833

carloddt-oss Jul 19, 2024

Replies: 1 comment

cpholguera Aug 16, 2024 Maintainer

carloddt-oss
Jul 19, 2024

cpholguera
Aug 16, 2024
Maintainer