Difference between revisions of "Projects/OWASP Mobile Security Project - Top Ten Mobile Risks"

From OWASP
m (Created page with '== Top 10 mobile risks == # Insecure or unnecessary client-side data storage # Lack of data protection in transit # Personal data leakage # Failure to protect resources with str…')
 
(22 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Top 10 mobile risks ==
+
== About this list  ==
  
# Insecure or unnecessary client-side data storage
+
'''An effort to refresh the Top 10 for 2013 is currently underway. Details can be found here: [http://owasp.blogspot.com/2013/05/2013-owasp-mobile-top-10-call-for-data.html OWASP Mobile Top 10 Call For Data]'''
# Lack of data protection in transit
+
 
# Personal data leakage
+
The list below is release candidate v1.0 of the OWASP Top 10 Mobile Risks.  This list was initially released on September 23, 2011 at Appsec USA.  
# Failure to protect resources with strong authentication
+
 
# Failure to implement least privilege authorization policy
+
The original presentation can be found here:&nbsp;[http://www.slideshare.net/JackMannino/owasp-top-10-mobile-risks SLIDES]<br>
# Client-side injection
+
 
# Client-side DOS
+
The corresponding video can be found here: [http://www.youtube.com/watch?v=GRvegLOrgs0 VIDEO]
# Malicious third-party code
+
 
# Client-side buffer overflow
+
== Top 10 Mobile Risks, Release Candidate v1.0 ==
# Failure to apply server-side controls
+
[[File:Topten.png|right|550px]]
 +
*[[Mobile_Top_10_2012-M1|M1: Insecure Data Storage ]]
 +
*[[Mobile_Top_10_2012-M2|M2: Weak Server Side Controls ]]
 +
*[[Mobile_Top_10_2012-M3|M3: Insufficient Transport Layer Protection ]]
 +
*[[Mobile_Top_10_2012-M4|M4: Client Side Injection ]]
 +
*[[Mobile_Top_10_2012-M5|M5: Poor Authorization and Authentication ]]
 +
*[[Mobile_Top_10_2012-M6|M6: Improper Session Handling ]]
 +
*[[Mobile_Top_10_2012-M7|M7: Security Decisions Via Untrusted Inputs ]]
 +
*[[Mobile_Top_10_2012-M8|M8: Side Channel Data Leakage ]]
 +
*[[Mobile_Top_10_2012-M9|M9: Broken Cryptography ]]
 +
*[[Mobile_Top_10_2012-M10|M10: Sensitive Information Disclosure ]]
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
== MTT Contributors==
 +
 
 +
*[[Mobile_Top_Contributions|Mobile Top Ten Contributions Page ]]
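Review bot: the long run of empty added lines between the M10 entry and the "== MTT Contributors==" heading looks like manual spacing, presumably to push the heading below the right-floated [[File:Topten.png|right|550px]] image. That spacing will break as soon as the image size or the viewport changes, so an explicit clear after the list (for example <br style="clear:both">) would be more robust. Two smaller points in the same revision: the new heading "== MTT Contributors==" is missing the space before its closing "==", unlike the other headings added here, and the SLIDES line carries a literal &amp;nbsp; and a trailing <br> that ordinary wiki spacing would make unnecessary. The intro text also calls the list "release candidate v1.0 ... initially released on September 23, 2011" while every entry links to a Mobile_Top_10_2012-Mx page, so a sentence stating which year the linked pages describe would avoid confusion.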

Revision as of 13:07, 12 November 2013

About this list

An effort to refresh the Top 10 for 2013 is currently underway. Details can be found here: OWASP Mobile Top 10 Call For Data

The list below is release candidate v1.0 of the OWASP Top 10 Mobile Risks.  This list was initially released on September 23, 2011 at Appsec USA.  

The original presentation can be found here: SLIDES

The corresponding video can be found here: VIDEO

Top 10 Mobile Risks, Release Candidate v1.0

MTT Contributors