{"id":171,"date":"2026-01-22T10:21:07","date_gmt":"2026-01-22T10:21:07","guid":{"rendered":"https:\/\/mobisec.uz\/?p=171"},"modified":"2026-01-22T10:31:20","modified_gmt":"2026-01-22T10:31:20","slug":"kirish-owasp-mastg-haqida","status":"publish","type":"post","link":"https:\/\/mobisec.uz\/index.php\/2026\/01\/22\/kirish-owasp-mastg-haqida\/","title":{"rendered":"Introduction. About OWASP MASTG."},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/mas.owasp.org\/assets\/mastg_cover.png\" alt=\"owasp-mastg-text\" style=\"object-fit:contain\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>OWASP MASTG<\/strong> \u2014 <em>OWASP Mobile Application Security Testing Guide<\/em> \u2014 is a <strong>free and open guide<\/strong> created by OWASP for <strong>testing the security of mobile applications<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is OWASP MASTG?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">MASTG is a guide that shows <strong>in practical terms how to test<\/strong> mobile applications (Android and iOS). It combines theory with real-world testing methods.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udcc5 Creation and update dates<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The early versions of <strong>MASTG \u2014 OWASP Mobile Application Security Testing Guide<\/strong> appeared under the name MSTG and were created by the OWASP team as <em>a guide to testing the security of mobile applications<\/em>.<br>The initial team was announced in 2021 with updated releases.<\/li>\n\n\n\n<li><strong>Latest official version:<\/strong><br>According to GitHub, the newest release is <strong>v1.7.0<\/strong>, dated <strong>31 October 2023<\/strong>. 
This edition is a refactored version aimed at improving the MASTG structure and the test sections.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udc49 Put simply:<br>The initial part was announced in 2021, and the latest update (v1.7.0) came out at the end of 2023.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Who is it for?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\ud83d\udd10 <strong>Pentesters<\/strong><\/li>\n\n\n\n<li>\ud83d\udc68\u200d\ud83d\udcbb <strong>Mobile developers<\/strong><\/li>\n\n\n\n<li>\ud83e\uddea <strong>Security engineers \/ QA<\/strong><\/li>\n\n\n\n<li>\ud83c\udfe2 <strong>AppSec teams<\/strong><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What does MASTG include?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">It consists of the following main sections:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1. <strong>General Testing<\/strong> (mobile OS internals and identifying attack surfaces)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Threat modeling<\/li>\n\n\n\n<li>Identifying the attack surface<\/li>\n\n\n\n<li>Reverse engineering basics<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2. <strong>Platform-Specific<\/strong> (Android\/iOS security tests)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\ud83d\udcf1 <strong>Android Security Testing<\/strong><\/li>\n\n\n\n<li>\ud83c\udf4e <strong>iOS Security Testing<\/strong><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">3. 
<strong>Security areas<\/strong> (HTTPS, certificate pinning, tokens, cryptography)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Local storage (SharedPreferences, Keychain, SQLite)<\/li>\n\n\n\n<li>Cryptography<\/li>\n\n\n\n<li>Authentication &amp; Session management<\/li>\n\n\n\n<li>Network security (MITM, TLS)<\/li>\n\n\n\n<li>Platform interaction (Intents, Deep links)<\/li>\n\n\n\n<li>Code tampering &amp; reverse engineering<\/li>\n\n\n\n<li>Anti-debugging, root\/jailbreak detection<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">4. <strong>Practical tests<\/strong> (code analysis, runtime checks)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How to test<\/li>\n\n\n\n<li>Which tools are used (Frida, MobSF, jadx, objection and others)<\/li>\n\n\n\n<li>Real-world examples<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">The difference between MASTG and MASVS<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This is very important \ud83d\udc47<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>MASVS<\/strong> \u2014 <em>\u201cWHAT is required?\u201d<\/em> (security requirements)<\/li>\n\n\n\n<li><strong>MASTG<\/strong> \u2014 <em>\u201cHOW is it tested?\u201d<\/em> (testing methods)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udc49 Usually <strong>MASVS + MASTG are used together<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When is it useful?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When performing a mobile pentest<\/li>\n\n\n\n<li>When developing a secure mobile app<\/li>\n\n\n\n<li>For compliance \/ audit<\/li>\n\n\n\n<li>When a bug bounty has a mobile target<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OWASP MASTG \u2014 OWASP Mobile Application Security Testing Guide \u2014 is a free and open guide created by OWASP for testing the security of mobile applications. What is OWASP MASTG? 
MASTG is a guide that shows in practical terms how to test mobile applications (Android and iOS). It combines theory with real-world testing methods. \ud83d\udcc5 Creation and update dates \ud83d\udc49 Simply&#8230;<\/p>\n","protected":false},"author":1,"featured_media":176,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-171","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-entry-owasp-mastg"],"_links":{"self":[{"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/posts\/171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/comments?post=171"}],"version-history":[{"count":7,"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/posts\/171\/revisions"}],"predecessor-version":[{"id":179,"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/posts\/171\/revisions\/179"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/media\/176"}],"wp:attachment":[{"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/media?parent=171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/categories?post=171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mobisec.uz\/index.php\/wp-json\/wp\/v2\/tags?post=171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}