
Re: OWASP connection

From: Brent Shambaugh <brent.shambaugh@gmail.com>
Date: Wed, 26 Mar 2014 11:45:43 -0500
Message-ID: <CACvcBVrQfZH5KZf1ad4_nTqMAzcv2Wnfup03vEDHhFQA1kxMsQ@mail.gmail.com>
To: "public-web-mobile@w3.org" <public-web-mobile@w3.org>
Interesting! Check out the "Top Ten Mobile Controls" tab.

Here are the headers in the document:

1. Identify and protect sensitive data on the mobile device
   <https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#section_control_1>
2. Handle password credentials securely on the device
3. Ensure sensitive data is protected in transit
4. Implement user authentication, authorization and session management correctly
5. Keep the backend APIs (services) and the platform (server) secure
6. Secure data integration with third party services and applications
7. Pay specific attention to the collection and storage of consent for the collection and use of the user's data
8. Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls etc.) Risks:
9. Ensure secure distribution/provisioning of mobile applications
10. Carefully check any runtime interpretation of code for errors


On Wed, Mar 26, 2014 at 11:28 AM, Brent Shambaugh <brent.shambaugh@gmail.com> wrote:

> Dear all,
>
> Concerning security, I was talking to someone who could put me in touch
> with someone from OWASP. https://www.owasp.org/index.php/Main_Page.
>
> For example, here is the OWASP Mobile Security Project
>
> https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks
>
> Would it be helpful to pursue this further?
>
> -Brent
Received on Wednesday, 26 March 2014 16:46:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:59:03 UTC