Re: OWASP connection from Natasha Rooney on 2014-03-26 (public-web-mobile@w3.org from March 2014)

From: Natasha Rooney <nrooney@gsma.com>
Date: Wed, 26 Mar 2014 16:48:29 +0000
To: Brent Shambaugh <brent.shambaugh@gmail.com>, "public-web-mobile@w3.org" <public-web-mobile@w3.org>
Message-ID: <CF58B526.10687%nrooney@gsma.com>

Hey Brent!

I think this is a great idea! Please go ahead. Seems like a huge link to the identity topic and could help us out here.

Thanks so much for this!

Natasha Rooney | Web Technologist | GSMA | nrooney@gsma.com<mailto:nrooney@gsma.com> | +44 (0) 7730 219 765 | @thisNatasha | Skype: nrooney@gsm.org<mailto:nrooney@gsm.org>
7th Floor, 5 New Street Square, London EC4A 3BF


From: Brent Shambaugh <brent.shambaugh@gmail.com<mailto:brent.shambaugh@gmail.com>>
Date: Wednesday, 26 March 2014 17:45
To: W3C Webmob Public <public-web-mobile@w3.org<mailto:public-web-mobile@w3.org>>
Subject: Re: OWASP connection
Resent-From: W3C Webmob Public <public-web-mobile@w3.org<mailto:public-web-mobile@w3.org>>
Resent-Date: Wednesday, 26 March 2014 17:46

Interesting! Check out the "Top Ten Mobile Controls" tab.

Here are the headers in the document:

1. Identify and protect sensitive data on the mobile device<https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#section_control_1>

2. Handle password credentials securely on the device

3. Ensure sensitive data is protected in transit

4. Implement user authentication,authorization and session management correctly

5. Keep the backend APIs (services) and the platform (server) secure

6. Secure data integration with third party services and applications

7. Pay specific attention to the collection and storage of consent for the collection and use of the user's data

8. Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls etc.) Risks:

9. Ensure secure distribution/provisioning of mobile applications

10. Carefully check any runtime interpretation of code for errors


On Wed, Mar 26, 2014 at 11:28 AM, Brent Shambaugh <brent.shambaugh@gmail.com<mailto:brent.shambaugh@gmail.com>> wrote:
Dear all,

Concerning security, I was talking to someone who could put me in touch with someone from OWASP. https://www.owasp.org/index.php/Main_Page.

For example, here is the OWASP Mobile Security Project
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks

Would it be helpful to pursue this further?

-Brent




This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error.

Received on Wednesday, 26 March 2014 16:48:59 UTC