The Safe App Standard (Singapore)
Validate mobile applications against The Safe App Standard for mobile applications (apps), developed by the Cyber Security Agency of Singapore (CSA).
Risk Evaluation
Analyse the severity and potential impact of identified vulnerabilities.
MASVS Compliance
Validate mobile application security against the OWASP MASVS requirements, ensuring applications meet industry-recognized security standards.
Security Optimization
Offer actionable recommendations to mitigate risks and bolster the mobile application's security posture.
Methodologies
VELOCITY integrates the MASVS to provide a structured approach to mobile application security testing. Our methodology encompasses:
- MASVS Levels: Tailor testing depth according to the MASVS levels – Standard Level (L1), Defense-in-Depth Level (L2), and Resiliency Against Reverse Engineering and Tampering (R).
- Static and Dynamic Analysis: Conduct SAST and DAST aligned with MASVS requirements to uncover a wide range of vulnerabilities.
- Manual Penetration Testing: Perform targeted attacks to identify and exploit vulnerabilities, with a focus on areas highlighted by the MASVS as critical.
- API Security Testing: Evaluate the security of backend APIs.
Testing Scope
Our mobile application security testing is comprehensive, covering all categories defined by MASVS, including, but not limited to:
Data Storage and Privacy (MSTG-STORAGE):
Ensure secure storage and handling of data on the device and during transmission.
Authentication and Session Management (MSTG-AUTH):
Verify robust mechanisms for user authentication and session management.
Network Communication (MSTG-NETWORK):
Secure communication channels against interception and tampering.
Platform Interaction (MSTG-PLATFORM):
Assess the use of platform features and their impact on application security.
Data Encryption:
Evaluate the implementation of data encryption protocols to protect sensitive information.
Our Deliverables
Clients will receive a detailed report and ongoing technical support until all risks have been removed.
Executive Summary:
A high-level overview of the analysis process, key findings, and an executive risk summary.
Detailed Vulnerability Report:
In-depth descriptions of each identified vulnerability, including its location in the code, risk rating, potential impact, and evidence.
Compliance and Best Practices Review:
An assessment of the application’s adherence to industry security standards and recommendations for alignment with best practices.
Remediation Recommendations:
Step-by-step guidance for remediating identified vulnerabilities, along with suggestions for improving coding practices to enhance security.
Contact Us
Our team of experienced security professionals is committed to delivering actionable results to enhance your organisation's security posture. Please click the ‘Contact Us’ button below to get in touch with our team.