🥇 MAS Advocates
MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word.
🥇 Being an “MAS Advocate” is the highest status that companies can achieve in the project acknowledging that they’ve gone above and beyond to support the project.
We will validate this status according to these categories:
1. Showing Adoption: it should be clear just from looking at the official company page that they have adopted the OWASP MASVS and MASTG. For example:
   - Services / Products
   - Resources (e.g. blog posts, press releases, public pentest reports)
2. Providing consistent high-impact contributions: by continuously supporting with time/dedicated resources with clear/high impact for the OWASP MAS project.
   - Content Pull Requests (e.g. adding/upgrading existing tests, tooling, maintaining code samples, etc.)
   - Technical PR reviews
   - Improving automation (GitHub Actions)
   - Upgrading, extending or creating new Crackmes
   - Moderating GitHub Discussions
   - Providing high-value feedback to the project and for special events such as the MASVS/MASTG refactoring.
3. Spreading the word and promoting the project with many presentations each year, public trainings, high social media involvement (e.g. liking, re-sharing, doing own posting specifically to promote the project).
NOTE: You don’t need to fulfill each and every bullet point (they are examples). However, you must be able to clearly show the continuity of your contributions and their high impact for the project. For example, to fulfill “2.” you could demonstrate that you’ve been sending high-impact Pull Requests in the initial 6-month period and intend to continue to do so.
- Company logo displayed in our main READMEs and main OWASP project site.
- Linked blog posts in the MASTG will include the company name.
- Special acknowledgement on each MASTG release containing the contributed PRs.
- Re-shares from the OWASP MAS accounts on new publications (e.g. retweets).
- Initial public “Thank You” and yearly after successful renewal.
📝 How to Apply
If you’d like to apply, please contact the project leaders by sending an email to Sven Schleier and Carlos Holguera, who will validate your application. Please be sure to include sufficient evidence (usually in the form of a contribution report including URLs linking to the corresponding elements) showing what you’ve done in the 6-month period that is in line with the three categories described above.
❗ Important Disclaimers
- If the “MAS Advocate” status is granted and you’d like to maintain it, the aforementioned contributions must remain consistent after the initial period as well. You should keep collecting this evidence and send us a contribution report yearly.
- Financial donations are not part of the eligibility criteria but will be listed for completeness.
- Re-shared publications and blog posts linked in MASTG text must be educational and focus on mobile security or MASVS/MASTG and not endorse company products/services.
- Advocate Companies may use the logo and links to MASVS/MASTG resources as part of their communication but cannot use them as an endorsement by OWASP as a preferred provider of software and services.
  - Example of what’s ok: list MAS Advocate status on website home page, in “about company” slides in sales presentations, on sales collateral.
  - Example of what’s not ok: a MAS Advocate cannot claim they are OWASP certified.
- The quality of the application of the MASVS/MASTG by these companies has not been vetted by the MAS team.
The OWASP Foundation is very grateful for the support by the individuals and organizations listed. However, please note that the OWASP Foundation is strictly vendor neutral and does not endorse any of its supporters. MAS Advocates do not influence the content of the MASVS or MASTG in any way.
Our MAS Advocates
NowSecure has provided consistent high-impact contributions to the project and has successfully helped spread the word.
We’d like to thank NowSecure for its exemplary contribution which sets a blueprint for other potential contributors wanting to push the project forward.
NowSecure as a MASVS/MASTG Adopter
- Services / Products:
- NowSecure Debuts New OWASP MASVS Mobile Pen Tests
- NowSecure Platform for Automated Mobile Security Testing
- The Essential Guide to the OWASP Mobile Security Project
- Standards and Risk Assessment
- OWASP MASVS & MASTG Updates
- Intro to Mobile App Security
NowSecure’s Contributions to the MAS Project
High-impact Contributions (time/dedicated resources):
- Content PRs
- Technical Reviews for PRs
- Participation in GitHub Discussions
A special mention goes to the contribution to the MASVS Refactoring:
- Significant time investment to drive the discussions and create the proposals along with the community
- Testability Analysis
- Feedback on each category proposal
- Statistics from internal analysis
In the past, NowSecure has also contributed to the project, has sponsored it, becoming a “God Mode Sponsor”, and has donated the UnCrackable App for Android Level 4: Radare2 Pay.
Spreading the Word:
- Social media involvement: continuous Twitter and LinkedIn activity (see examples)
- Blog Posts:
- Integrate security into the mobile app software development lifecycle
- OWASP Mobile Security Testing Checklist Aids Compliance
- “Mobile Wanderlust”! Our journey to Version 2.0! (OWASP AppSec EU, Jun 10 2022)
- Insiders Guide to Mobile AppSec with Latest OWASP MASVS (OWASP Toronto Chapter, Feb 10 2022)
- Insiders Guide to Mobile AppSec with Latest OWASP MASVS (OWASP Virtual AppSec 2021, Nov 11 2021)
- Insiders Guide to Mobile AppSec with OWASP MASVS (OWASP Northern Virginia Chapter, Oct 8 2021)
- and more
Note: This contributor table is generated based on our GitHub contribution statistics. For more information on these stats, see the GitHub Repository README. We manually update the table, so be patient if you’re not listed immediately.
Top contributors have consistently contributed quality content and have at least 500 additions logged in the GitHub repository.
- Pawel Rzepa
- Francesco Stillavato
- Henry Hoggard
- Andreas Happe
- Kyle Benac
- Paulino Calderon
- Alexander Anthuk
- Caleb Kinney
- Abderrahmane Aftahi
- Koki Takeyama
- Wen Bin Kong
- Abdessamad Temmar
- Cláudio André
- Slawomir Kosowski
- Bolot Kerimbaev
- Lukasz Wierzbicki
Contributors have contributed quality content and have at least 50 additions logged in the GitHub repository. Their GitHub handles are listed below:
kryptoknight13, DarioI, luander, oguzhantopgul, Osipion, mpishu, pmilosev, isher-ux, thec00n, ssecteam, jay0301, magicansk, jinkunong, nick-epson, caitlinandrews, dharshin, raulsiles, righettod, karolpiateknet, mkaraoz, Sjord, bugwrangler, jasondoyle, joscandreu, yog3shsharma, ryantzj, rylyade1, shivsahni, diamonddocumentation, 51j0, AnnaSzk, hlhodges, legik, abjurato, serek8, mhelwig, locpv-ibl and ThunderSon.
Many other contributors have committed small amounts of content, such as a single word or sentence (less than 50 additions). Their GitHub handles are listed below:
jonasw234, zehuanli, jadeboer, Isopach, prabhant, jhscheer, meetinthemiddle-be, bet4it, aslamanver, juan-dambra, OWASP-Seoul, hduarte, TommyJ1994, forced-request, D00gs, vasconcedu, mehradn7, whoot, LucasParsy, DotDotSlashRepo, enovella, ionis111, vishalsodani, chame1eon, allRiceOnMe, crazykid95, Ralireza, Chan9390, tamariz-boop, abhaynayar, camgaertner, EhsanMashhadi, fujiokayu, decidedlygray, Ali-Yazdani, Fi5t, MatthiasGabriel, colman-mbuya and anyashka.
Reviewers have consistently provided useful feedback through GitHub issues and pull request comments.
- Jeroen Beckers
- Sjoerd Langkemper
- Anant Shrivastava
- Heaven Hodges
- Caitlin Andrews
- Nick Epson
- Anita Diamond
- Anna Szkudlarek
While both the MASVS and the MASTG are created and maintained by the community on a voluntary basis, sometimes a little bit of outside help is required. We therefore thank our donators for providing the funds to be able to hire technical editors. Note that their donation does not influence the content of the MASVS or MASTG in any way. The Donation Packages are described on our OWASP Project page.