@@ -29,13 +29,15 @@ permalink: /draft/implementation/mas_weakness_enumeration/
2929The OWASP [ Mobile Application Security] [ masproject ] (MAS) flagship project provides
3030industry standards for mobile application security.
3131
32- The OWASP MASWE project ...
32+ The OWASP [ MASWE] [ maswe ] project is one of the tools provided by MAS,
33+ and provides a list of weaknesses that have been found in various mobile applications.
3334
3435#### What is the MASWE?
3536
36- The MAS Weakness Enumeration ...
37+ The MAS [ Weakness Enumeration] [ maswe ] lists weaknesses, and therefore potential vulnerabilities,
38+ that have been found in various mobile applications over time.
3739
38- The MASWE is split out into weakness categories that match the MASVS verification categories:
40+ The MASWE is split out into weakness categories that correspond to the [ MASVS] [ masvs ] verification categories:
3941
4042* [ MASVS-STORAGE] ( https://mas.owasp.org/MASWE/MASVS-STORAGE/MASWE-0001/ ) sensitive data storage
4143* [ MASVS-CRYPTO] ( https://mas.owasp.org/MASWE/MASVS-CRYPTO/MASWE-0009/ ) cryptography best practices
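Review bot: The new introduction at +32/+33 and the definition under "What is the MASWE?" at +37/+38 say nearly the same thing (both describe weaknesses "that have been found in various mobile applications"), so the MASWE is defined twice before the category list. Consider limiting the introduction to the relationship with MAS ("is one of the tools provided by MAS") and leaving the definition to the "What is the MASWE?" paragraph. At +40, "split out into weakness categories" would read better as "divided into weakness categories".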
@@ -48,26 +50,50 @@ The MASWE is split out into weakness categories that match the MASVS verificatio
4850
4951#### Why use it?
5052
53+ Although the MASWE is a relatively new project from 2024, it already provides a common language
54+ when discussing and categorizing weaknesses found in mobile applications.
55+ It also provides a list of potential vulnerabilities that should be considered during the design lifecycle
56+ and when creating or revising security requirements for mobile applications.
57+
58+ The MASWE is a valuable list of what can go wrong with mobile applications along with the activities of malicious actors.
59+
5160#### How to use it
5261
62+ The Common Weakness Enumeration ([ CWE] [ cwe ] ), published by Mitre, can be used by security architects
63+ so they are aware of what weaknesses and potential vulnerabilities that could be present in an application.
64+ Development teams can use the CWE as a reference to these weaknesses and to help understanding of any mitigations.
65+ These are just two examples of how the CWE is widely used.
66+
67+ In a similar way the MASWE can be used in the development of mobile applications :
68+
69+ * inform development teams of specific weaknesses
70+ * identification of security requirements
71+ * used as a training aid
72+ * provide categorization of weaknesses
73+
74+ This list is just a starting point; there are many uses for the MASWE.
75+
5376#### References
5477
5578* Mobile Application Security ([ MAS] [ masproject ] ) project
56- * MAS [ Checklist ] [ masc ]
57- * MAS Testing Guide ( [ MASTG ] [ mastg ] )
79+ * MAS Weakness Enumeration ( [ MASWE ] [ maswe ] )
80+ * Mitre Common Weakness Enumeration ( [ CWE ] [ cwe ] )
5881* MAS Verification Standard ([ MASVS] [ masvs ] )
82+ * MAS [ Checklist] [ masc ]
5983* MAS Testing Guide ([ MASTG] [ mastg ] )
6084
6185----
6286
6387The OWASP Developer Guide is a community effort; if there is something that needs changing
6488then [ submit an issue] [ issue0704 ] or [ edit on GitHub] [ edit0704 ] .
6589
90+ [ cwe ] : https://cwe.mitre.org/
6691[ edit0704 ] : https://github.com/OWASP/www-project-developer-guide/blob/main/draft/07-implementation/04-maswe.md
67- [ issue0704 ] : https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-design/07 -implementation/04-maswe
92+ [ issue0704 ] : https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2007 -implementation/04-maswe
6893[ masproject ] : https://owasp.org/www-project-mobile-app-security/
6994[ masc ] : https://mas.owasp.org/checklists/
7095[ mastg ] : https://mas.owasp.org/MASTG/
96+ [ maswe ] : https://mas.owasp.org/MASWE/
7197[ masvs ] : https://mas.owasp.org/MASVS/
7298
7399\newpage
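Review bot: The "How to use it" bullets at +69 to +72 are not grammatically parallel ("inform", "identification of", "used as", "provide"). Following "the MASWE can be used in the development of mobile applications", they would read better as "to inform development teams of specific weaknesses", "to identify security requirements", "as a training aid" and "to categorize weaknesses". The CWE sentence at +63 mixes two constructions ("what weaknesses and potential vulnerabilities that could be present"); drop either "what" or "that". At +64, "to help understanding of any mitigations" should be "to help understand any mitigations". "Mitre" at +62 and +80 is normally written "MITRE". In "Why use it?", +58 leaves it unclear whether the MASWE itself lists "the activities of malicious actors" or only the weaknesses those actors exploit; state which is meant.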