OWASP Mobile Security Project

If you’ve ever talked infosec with me, you’ve no doubt noticed that I love the OWASP Top 10 Project. Every few years, they update their list of the 10 most significant web application security risks to help provide developers and security testers with guidance on how to protect web applications.

What you may not know is that they have a separate OWASP Mobile Security Project that tracks their top 10 list of mobile risks. The current list includes:

  1. M1 – Insecure Data Storage
  2. M2 – Weak Server Side Controls
  3. M3 – Insufficient Transport Layer Protection
  4. M4 – Client Side Injection
  5. M5 – Poor Authorization and Authentication
  6. M6 – Improper Session Handling
  7. M7 – Security Decisions Via Untrusted Inputs
  8. M8 – Side Channel Data Leakage
  9. M9 – Broken Cryptography
  10. M10 – Sensitive Information Disclosure

If you’re a mobile app developer, or if you work for a company that develops its own mobile apps, check it out. For the short version, you could check out their SlideShare presentation or watch their YouTube video.

OWASP Mobile Top 10 Risks
