Архив метки: mobile testing

OWASP Mobile Security Project and its defined Top 10 Mobile Risks

Let me introduce the OWASP (Open Web Application Security Project) — worldwide not-for-profit charitable organization focused on improving the security of software.

These guys are investigating the quality of software, not only web- or mobile-apps, and their site contain tonns of useful info for everyone interested in security testing.

Today I would like to tell about one of their projects — OWASP Mobile Security Project.
As it coming from the name of project — it’s about security of mobile OS (like Android or iOS), applications and devices itself.

OWASP had defined  Top 10 Mobile Risks that applicable to any mobile platform:


They’ve also provided comprehensive description per each risk, so if you’re curious about what they mean, click on the image above or per links below:

Also, a full Risks description, including examples of vulnerable code, available at this presentation: Owasp_top_10_mobile_risks.pdf

In addition, OWASP maintains and distributes a check list to go through the system under test, it can be used in the work: OWASP Mobile App Checklist v1.0.pdf