Creating an IoT-connected Mobile App Compliance Program Using OWASP MASVS

Explore the creation of an IoT-connected mobile app compliance program leveraging the OWASP MASVS in this 30-minute conference talk. Delve into the collaboration between Google, NowSecure, Amazon, and other IoT device manufacturers as part of the ioXt Alliance to develop a mobile app protection profile for security certification of IoT-connected mobile apps. Learn about the journey of creating this unique certification program, launched in April 2021, and discover how to establish your own security testing program for mobile apps connected to IoT devices. Gain insights into the OWASP MASVS specification, the ultimate guide for mobile app security, and understand its application in the IoT context. The talk covers topics such as mobile app security, IoT testing guides, certification stacks, standards, resources, and benchmarks, providing a comprehensive overview of this emerging field in mobile and IoT security.

Introduction
OS Mobile Project Update
MASVS rebranding
Mobile App Security
IoT Connected Mobile Apps
What do we do
Objective
Building from Scratch
Levels of Security
Application Profile
IoT Testing Guide
IoT Certification Stack Diagram
IoT Certifications
IoT Standards
Resources
Benchmarks
Wrapup