Difference between revisions of "OWASP Mobile Security Project"

Jump to: navigation, search
Line 12: Line 12:
==== Top Ten Mobile Controls ====
==== Top Ten Mobile Controls ====
{{:Projects/OWASP Mobile Security Project - Top Ten Mobile Controls| Top Ten Mobile Controls}}
{{:Projects/OWASP Mobile Security Project - Top Ten Mobile Controls And Design Principles| Top Ten Mobile Controls}}
==== Mobile Platforms ====
==== Mobile Platforms ====

Revision as of 04:48, 17 May 2011


What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Mobile Security Project (home page)
Purpose: Our primary focus is at the application layer. While we take into consideration the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas that the average developer can make a difference. Additionally, we focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.
License: N/A
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases

For Security Testers

Projects/OWASP Mobile Security Project - Security Testers

Secure Development Guidelines

Secure Mobile Development Guidelines Objective

The OWASP Secure Development Guidelines will provide developers with the knowledge they need to build secure mobile applications. An extendable framework will be provided that includes the core security flaws found across nearly all mobile platforms. It will be a living reference where contributors can plug in newly exposed APIs for various platforms and provide good/bad code examples along with remediation guidance for those issues.

Top Ten Mobile Risks

About this list

In 2013 we polled the industry for new vulnerability statistics in the field of mobile applications. What you see here is a result of that data and a representation of the mobile application threat landscape.

Our road-map for 2014 includes:

2014-01-26 20-23-29.png
  • More updates to the wiki content; including cross-linking to testing guides, more visual exercises, etc.
  • A PDF release.

This list is still a work in progress. We are small group doing this work and could use more help! If you are interested, please contact one of the project leads.

Feel free to visit the mailing list as well!

Top 10 Mobile Risks - Re-Release Candidate 2014 v1.0

Project Leads, Credit, and Contributions

Project Methodology


  • The list below is the OLD release candidate v1.0 of the OWASP Top 10 Mobile Risks.  This list was initially released on September 23, 2011 at Appsec USA.  

Top Ten Mobile Controls

Projects/OWASP Mobile Security Project - Top Ten Mobile Controls And Design Principles

Mobile Platforms

Mobile Platforms

Coming soon...




Windows Phone 7

To contribute to this section, contact mike.zusman@owasp.org

Mobile Threat Model

Template:Mobile Threat Model