- From: Brent Shambaugh <brent.shambaugh@gmail.com>
- Date: Wed, 26 Mar 2014 11:45:43 -0500
- To: "public-web-mobile@w3.org" <public-web-mobile@w3.org>
- Message-ID: <CACvcBVrQfZH5KZf1ad4_nTqMAzcv2Wnfup03vEDHhFQA1kxMsQ@mail.gmail.com>

Interesting! Check out the "Top Ten Mobile Controls" tab. Here are the headers in the document:

1. Identify and protect sensitive data on the mobile device <https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#section_control_1>
2. Handle password credentials securely on the device
3. Ensure sensitive data is protected in transit
4. Implement user authentication, authorization and session management correctly
5. Keep the backend APIs (services) and the platform (server) secure
6. Secure data integration with third party services and applications
7. Pay specific attention to the collection and storage of consent for the collection and use of the user's data
8. Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls etc.) Risks:
9. Ensure secure distribution/provisioning of mobile applications
10. Carefully check any runtime interpretation of code for errors

On Wed, Mar 26, 2014 at 11:28 AM, Brent Shambaugh <brent.shambaugh@gmail.com> wrote:
> Dear all,
>
> Concerning security, I was talking to someone who could put me in touch
> with someone from OWASP. https://www.owasp.org/index.php/Main_Page.
>
> For example, here is the OWASP Mobile Security Project
>
> https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks
>
> Would it be helpful to pursue this further?
>
> -Brent

Received on Wednesday, 26 March 2014 16:46:11 UTC