Difference between revisions of "OWASP Mobile Security Project"

Jump to: navigation, search
Line 12: Line 12:
==== Top Ten Mobile Controls ====
==== Top Ten Mobile Controls ====
{{:Projects/OWASP Mobile Security Project - Top Ten Mobile Controls| Top Ten Mobile Controls}}
{{:Projects/OWASP Mobile Security Project - Top Ten Mobile Controls And Design Principles| Top Ten Mobile Controls}}
==== Mobile Platforms ====
==== Mobile Platforms ====

Revision as of 03:48, 17 May 2011


What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Mobile Security Project (home page)
Purpose: Our primary focus is at the application layer. While we take into consideration the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas that the average developer can make a difference. Additionally, we focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.
License: N/A
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases

For Security Testers

Projects/OWASP Mobile Security Project - Security Testers

Secure Development Guidelines

Secure Mobile Development Guidelines Objective

The OWASP Secure Development Guidelines will provide developers with the knowledge they need to build secure mobile applications. An extendable framework will be provided that includes the core security flaws found across nearly all mobile platforms. It will be a living reference where contributors can plug in newly exposed APIs for various platforms and provide good/bad code examples along with remediation guidance for those issues.

Top Ten Mobile Risks

The Mobile Top Ten

In 2013, we polled the industry for new vulnerability statistics in the field of mobile applications. What you see here is a result of that data and a representation of the mobile application threat landscape.

Mobile Top 10 2014.png

Our goals for the 2014 list included the following:

  • Updates to the wiki content; including cross-linking to testing guides, more visual exercises, etc;
  • Generation of more data; and
  • A PDF release.

This list has been finalized after a 90-day feedback period from the community. Based on feedback, we intend on releasing a Mobile Top Ten 2015 list following a similar approach of collecting data, grouping the data in logical and consistent ways.

Feel free to visit the mailing list as well!

2015 Mobile Top Ten Analysis Results

Are you interested in what the data collection for the 2015 list looks like? Check out the final synthesis... Media:2015 Data Synthesis Results.pptx

We are fleshing out the new Mobile Top Ten at Projects/OWASP_Mobile_Security_Project_-2015_Scratchpad. Have a look.

Here is the original raw data: [Dropbox Data]

Top 10 Mobile Risks - Final List 2014

Project Leads, Credit, and Contributions

Project Methodology


  • The list below is the OLD release candidate v1.0 of the OWASP Top 10 Mobile Risks.  This list was initially released on September 23, 2011 at Appsec USA.  

Top Ten Mobile Controls

Projects/OWASP Mobile Security Project - Top Ten Mobile Controls And Design Principles

Mobile Platforms

Mobile Platforms

Coming soon...




Windows Phone 7

To contribute to this section, contact mike.zusman@owasp.org

Mobile Threat Model

Template:Mobile Threat Model