Financial Applications Features - Security Guidelines (FAFSG) is a set of two FREE checklists created to provide guidelines on the security features which you can implement to make your mobile app more secure. It is meant for continuous development as well as use in current application improvements.

Financial Applications Features Security Guidelines


Łukasz Bobrek (lukasz.bobrek@securing.pl)



The project is based on the actual state of banking applications, but keep in mind that FAFSG is not a technical standard. It does not cover implementation guidelines or the quality of the proposed features. For such guidelines, please refer to OWASP ASVS for web applications and OWASP MASVS for mobile applications.


The goal of FAFSG is to help developers, architects, reviewers and vendors make security decisions in order to implement essential security features in financial applications. Those features would help to protect users' data and increase the overall security of the application.

Use cases

You can use the FAFSG checklist in multiple ways:

  • As a starting point for the application design phase.
  • As a measure of application security and maturity.
  • As a formal security features list for third parties developing the application for you.
  • To point out areas which need further development with regard to security.

The entire checklist is in a form similar to the OWASP Application Security Verification Standard v4.0. Every category has a brief description of the control objectives and a list of security features verification requirements.

Download FASVS PDF version

Key areas that have been included:

Web applications

Mobile applications

Contribution ❤️

All kinds of suggestions and requests are highly appreciated! If you want to improve the project in any way, please contact me on LinkedIn or Twitter. Also, pull requests are more than welcome!

Special thanks 👏


This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.