Automation of MASVS with BDD

View the original Working Session content
  • The session has been focused on creating BDD tests to automated the OWASP MSTG test cases, in order to integrate those tests in the CI/CD pipeline*


The main outcome of the working sessions is a set of BDD tests for Android and iOS, using the MSTG playground and iOS iGoat as target apps. The repo with the developed tests cabn be found here.

Automation of MASVS with BDD

Synopsis and Takeaways (recommend)

We want to create a complete set of BDD tests, that will automate the OWASP MASVS. At the moment the BDD tests have been created using Calaba.sh as a third party framework, but the goal is to provide multiple solutions using also native frameworks

Identified Questions

  • Do we need an external framework (Appium, TestNG, Espresso), or is it better to create native tests?
  • Which third party tools do we need to expand the test cases (Frida ,Drozer etc)?

Important Conclusions

  • Develop new BDD tests following the MSTG is the way to go
  • Next activities:
    • Explore native solutions (iOS and Android) to write BDD tests
    • Expand the current tests

Working Materials (recommend)

References (recommend)

Additional/External References

Session organiser(s)

Sven Schleier Sven Schleier , Davide Cioccia Davide Cioccia


Carlos Holguera Carlos Holguera , Arne Zismer Arne Zismer , Clara Anel Mansilla Clara Anel Mansilla , Sven Schleier Sven Schleier , Xenofon Vassilakopoulos Xenofon Vassilakopoulos Ashraf Iftekhar Ashraf Iftekhar , Dougal Kennedy Dougal Kennedy , Prakash Sharma Prakash Sharma , Rohit Sangaraj Rohit Sangaraj , Sandeep Akula Sandeep Akula

Attached materials: