Difference between revisions of "Projects/OWASP Mobile Security Project - Top Ten Mobile Risks"

From OWASP
m (Created page with '== Top 10 mobile risks == # Insecure or unnecessary client-side data storage # Lack of data protection in transit # Personal data leakage # Failure to protect resources with str…')
 
(18 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Top 10 mobile risks ==
+
== About this list  ==
  
# Insecure or unnecessary client-side data storage
+
The list below is release candidate v1.0 of the OWASP Top 10 Mobile Risks.  This list was initially released on September 23, 2011 at Appsec USA.  An  update will be initiated in March-April of 2013.
# Lack of data protection in transit
+
 
# Personal data leakage
+
The original presentation can be found here:&nbsp;[http://www.slideshare.net/JackMannino/owasp-top-10-mobile-risks SLIDES]<br>
# Failure to protect resources with strong authentication
+
 
# Failure to implement least privilege authorization policy
+
The corresponding video can be found here: [http://www.youtube.com/watch?v=GRvegLOrgs0 VIDEO]
# Client-side injection
+
 
# Client-side DOS
+
== Top 10 Mobile Risks, Release Candidate v1.0 ==
# Malicious third-party code
+
[[File:Topten.png|right|550px]]
# Client-side buffer overflow
+
*[[Mobile_Top_10_2012-M1|M1: Insecure Data Storage ]]
# Failure to apply server-side controls
+
*[[Mobile_Top_10_2012-M2|M2: Weak Server Side Controls ]]
 +
*[[Mobile_Top_10_2012-M3|M3: Insufficient Transport Layer Protection ]]
 +
*[[Mobile_Top_10_2012-M4|M4: Client Side Injection ]]
 +
*[[Mobile_Top_10_2012-M5|M5: Poor Authorization and Authentication ]]
 +
*[[Mobile_Top_10_2012-M6|M6: Improper Session Handling ]]
 +
*[[Mobile_Top_10_2012-M7|M7: Security Decisions Via Untrusted Inputs ]]
 +
*[[Mobile_Top_10_2012-M8|M8: Side Channel Data Leakage ]]
 +
*[[Mobile_Top_10_2012-M9|M9: Broken Cryptography ]]
 +
*[[Mobile_Top_10_2012-M10|M10: Sensitive Information Disclosure ]]
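
Review bot: The removed numbered entries "Client-side DOS", "Malicious third-party code" and "Client-side buffer overflow" have no visible counterpart among the added M1 to M10 links, and the new "About this list" text does not say whether they were merged into other categories or dropped. A sentence there mapping the earlier draft entries to the release candidate categories would keep readers who used the old list from assuming those risks are no longer in scope. Two smaller points in the added lines: every link label ends with a space before the closing brackets (for example "M1: Insecure Data Storage ]]"), which becomes part of the rendered link text and should be trimmed, and "An update will be initiated in March-April of 2013" is a forward-looking statement that will go stale, so consider phrasing it with a fixed date reference or moving it to a status note.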

Revision as of 00:11, 5 March 2013

About this list

The list below is release candidate v1.0 of the OWASP Top 10 Mobile Risks. This list was initially released on September 23, 2011 at AppSec USA. An update will be initiated in March-April of 2013.

The original presentation can be found here: SLIDES

The corresponding video can be found here: VIDEO

Top 10 Mobile Risks, Release Candidate v1.0

Topten.png