Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

A tool capable of bypassing easy root detection mechanisms by patching applications automatically (without frida).

OWASP Thick Client Application Security Verification Standard

Mobile Application Security Design Guide

Nutcracker is a powerful, modular and extensible framework designed for mobile security analysis and offensive threat intelligence. Detects and bypasses anti-root/RASP protections, analyzes insecure manifest conf, extracts hardcoded secrets and launches OSINT recon — all in one tool. aligned with MASVS for comprehensive security compliance.

Assessors Studio operationalizes CycloneDX Attestations (CDXA): perform assessments, collect evidence, make claims, and issue machine-readable CycloneDX attestations, optionally legally binding for B2B and B2G use cases.

Mobile Security Intelligence Platform - Transform mobile app security scans into actionable intelligence with static/dynamic analysis, framework detection, and OWASP MASVS mapping

Codex skill for evidence-based OWASP MASVS mobile app security reviews.

Enable organizations to create, manage, and issue CycloneDX machine-readable attestations for structured software transparency and compliance.

Web tool en Python para los controles de MASVS-Resilience