If you’ve ever talked infosec with me, you’ve no doubt noticed that I love the OWASP Top 10 Project. Every few years, they update their list of the 10 most significant web application security risks to help provide developers and security testers with guidance on how to protect web applications.
What you may not know is that they have a separate OWASP Mobile Security Project that tracks their top 10 list of mobile risks. The current list includes:
- M1 – Insecure Data Storage
- M2 – Weak Server Side Controls
- M3 – Insufficient Transport Layer Protection
- M4 – Client Side Injection
- M5 – Poor Authorization and Authentication
- M6 – Improper Session Handling
- M7 – Security Decisions Via Untrusted Inputs
- M8 – Side Channel Data Leakage
- M9 – Broken Cryptography
- M10 – Sensitive Information Disclosure
If you’re a mobile app developer, or if you work for a company that develops its own mobile apps, check it out. For the short version, you could check out their SlideShare presentation or watch their YouTube video.