This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Projects/OWASP Mobile Security Project - Top Ten Mobile Risks"
From OWASP
Jason Haddix (talk | contribs) |
Jason Haddix (talk | contribs) |
||
| Line 17: | Line 17: | ||
|} | |} | ||
</center> | </center> | ||
| − | + | == About this list == | |
In 2013 we polled the industry for new vulnerability statistics in the field of mobile applications. What you see here is a result of that data and a representation of the mobile application threat landscape. | In 2013 we polled the industry for new vulnerability statistics in the field of mobile applications. What you see here is a result of that data and a representation of the mobile application threat landscape. | ||
| Line 30: | Line 30: | ||
| − | + | == Top 10 Mobile Risks - Re-Release Candidate 2014 v1.0 == | |
*[[Mobile_Top_10_2014-M1|M1: Weak Server Side Controls ]] | *[[Mobile_Top_10_2014-M1|M1: Weak Server Side Controls ]] | ||
*[[Mobile_Top_10_2014-M2|M2: Insecure Data Storage ]] | *[[Mobile_Top_10_2014-M2|M2: Insecure Data Storage ]] | ||
| Line 43: | Line 43: | ||
| − | == | + | == Project Leads, Credit, and Contributions == |
* ''' [[Mobile_Top_Contributions|Mobile Top Ten Contributions Page ]] ''' | * ''' [[Mobile_Top_Contributions|Mobile Top Ten Contributions Page ]] ''' | ||
| + | |||
| + | == Project Methodology == | ||
* '''We adhered loosely to the [https://www.owasp.org/index.php/Top_10_2013/ProjectMethodology OWASP Web Top Ten Project methodology]. ''' | * '''We adhered loosely to the [https://www.owasp.org/index.php/Top_10_2013/ProjectMethodology OWASP Web Top Ten Project methodology]. ''' | ||
| + | == Archive == | ||
* The list below is the OLD release candidate v1.0 of the OWASP Top 10 Mobile Risks. This list was initially released on September 23, 2011 at Appsec USA. | * The list below is the OLD release candidate v1.0 of the OWASP Top 10 Mobile Risks. This list was initially released on September 23, 2011 at Appsec USA. | ||
| Line 54: | Line 57: | ||
*** The corresponding video can be found here: [http://www.youtube.com/watch?v=GRvegLOrgs0 VIDEO] | *** The corresponding video can be found here: [http://www.youtube.com/watch?v=GRvegLOrgs0 VIDEO] | ||
*** [[Mobile_Top_10_2012|2011-12 Mobile Top Ten for archive purposes]] | *** [[Mobile_Top_10_2012|2011-12 Mobile Top Ten for archive purposes]] | ||
| + | __NOTOC__ | ||
Revision as of 06:47, 30 January 2014
About this list
In 2013 we polled the industry for new vulnerability statistics in the field of mobile applications. What you see here is a result of that data and a representation of the mobile application threat landscape.
Our road-map for 2014 includes:
- More updates to the wiki content; including cross-linking to testing guides, more visual exercises, etc.
- A PDF release.
This list is still a work in progress. We are small group doing this work and could use more help! If you are interested, please contact one of the project leads.
Top 10 Mobile Risks - Re-Release Candidate 2014 v1.0
- M1: Weak Server Side Controls
- M2: Insecure Data Storage
- M3: Insufficient Transport Layer Protection
- M4: Unintended Data Leakage
- M5: Poor Authorization and Authentication
- M6: Broken Cryptography
- M7: Client Side Injection
- M8: Security Decisions Via Untrusted Inputs
- M9: Improper Session Handling
- M10: Lack of Binary Protections
Project Leads, Credit, and Contributions
Project Methodology
- We adhered loosely to the OWASP Web Top Ten Project methodology.
Archive
- The list below is the OLD release candidate v1.0 of the OWASP Top 10 Mobile Risks. This list was initially released on September 23, 2011 at Appsec USA.
- The original presentation can be found here: SLIDES
- The corresponding video can be found here: VIDEO
- 2011-12 Mobile Top Ten for archive purposes
- The original presentation can be found here: SLIDES
