OWASP mobile app security checklist
The OWASP community has been working to incorporate the latest risks. The top 10 list might change in 2016, depending on what we see as the top risks after considering various factors. You can read the yearly commentary at https://www.owasp.org/index.php/Mobile2015Commentary.
The checklist can be found at https://drive.google.com/file/d/0BxOPagp1jPHWVnlzWGNVbFBMTW8/view.
Mobile app developers checklist
As we began this chapter with a security mind map, we will now create a new checklist for the assessment of any iOS or Android app, as follows:
| Network Level | | |
|---|---|---|
| Certificate validation | Certificate validation is not performed | |
| Certificate pinning implementation | No certificate pinning ... | |