MASVS-NETWORK

Checklists Updated (June 2025)

The checklists now include all MASTG tests, as well as updated mappings to the new MAS profiles.

MASVS-ID MASTG-TEST-ID Control / MASTG Test Platform L1 L2 R P Status
MASVS-NETWORK-1 The app secures all network traffic according to the current best practices.
MASTG-TEST-0235MASTG-TEST-0235 Android App Configurations Allowing Cleartext Traffic platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0236MASTG-TEST-0236 Cleartext Traffic Observed on the Network platform:network profile:L1 profile:L2 newstatus:new
MASTG-TEST-0283MASTG-TEST-0283 Incorrect Implementation of Server Hostname Verification platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0019MASTG-TEST-0019 Testing Data Encryption on the Network platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0286MASTG-TEST-0286 Network Security Configuration Allowing Trust in User-Provided CAs platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0282MASTG-TEST-0282 Unsafe Custom Trust Evaluation platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0218MASTG-TEST-0218 Insecure TLS Protocols in Network Traffic platform:network profile:L1 profile:L2 newstatus:new
MASTG-TEST-0284MASTG-TEST-0284 Incorrect SSL Error Handling in WebViews platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0023MASTG-TEST-0023 Testing the Security Provider platform:android profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0217MASTG-TEST-0217 Insecure TLS Protocols Explicitly Allowed in Code platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0239MASTG-TEST-0239 Using low-level APIs (e.g. Socket) to set up a custom HTTP connection platform:android profile:L1 profile:L2 placeholderstatus:placeholder
MASTG-TEST-0234MASTG-TEST-0234 Missing Implementation of Server Hostname Verification with SSLSockets platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0238MASTG-TEST-0238 Runtime Use of Network APIs Transmitting Cleartext Traffic platform:android profile:L1 profile:L2 placeholderstatus:placeholder
MASTG-TEST-0020MASTG-TEST-0020 Testing the TLS Settings platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0021MASTG-TEST-0021 Testing Endpoint Identify Verification platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0233MASTG-TEST-0233 Hardcoded HTTP URLs platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0285MASTG-TEST-0285 Outdated Android Version Allowing Trust in User-Provided CAs platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0237MASTG-TEST-0237 Cross-Platform Framework Configurations Allowing Cleartext Traffic platform:android profile:L1 profile:L2 placeholderstatus:placeholder
MASTG-TEST-0066MASTG-TEST-0066 Testing the TLS Settings platform:ios profile:L1 profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0065MASTG-TEST-0065 Testing Data Encryption on the Network platform:ios profile:L1 profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0067MASTG-TEST-0067 Testing Endpoint Identity Verification platform:ios profile:L1 profile:L2 update-pendingstatus:update-pending
MASVS-NETWORK-2 The app performs identity pinning for all remote endpoints under the developer's control.
MASTG-TEST-0242MASTG-TEST-0242 Missing Certificate Pinning in Network Security Configuration platform:android profile:L2 newstatus:new
MASTG-TEST-0022MASTG-TEST-0022 Testing Custom Certificate Stores and Certificate Pinning platform:android profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0243MASTG-TEST-0243 Expired Certificate Pins in the Network Security Configuration platform:android profile:L2 newstatus:new
MASTG-TEST-0244MASTG-TEST-0244 Missing Certificate Pinning in Network Traffic platform:network profile:L2 newstatus:new
MASTG-TEST-0068MASTG-TEST-0068 Testing Custom Certificate Stores and Certificate Pinning platform:ios profile:L2 update-pendingstatus:update-pending




OSZAR »