Projects/OWASP Mobile Security Project - Top Ten Mobile Risks
About this list
In 2013 we polled the industry for new vulnerability statistics in the field of mobile applications. What you see here is a result of that data and a representation of the mobile application threat landscape.
Our road-map for 2014 includes:
- More updates to the wiki content; including cross-linking to testing guides, more visual exercises, etc.
- A PDF release.
This list is still a work in progress. We are small group doing this work and could use more help! If you are interested, please contact one of the project leads.
Top 10 Mobile Risks - Re-Release Candidate 2014 v1.0
- M1: Weak Server Side Controls
- M2: Insecure Data Storage
- M3: Insufficient Transport Layer Protection
- M4: Unintended Data Leakage
- M5: Poor Authorization and Authentication
- M6: Broken Cryptography
- M7: Client Side Injection
- M8: Security Decisions Via Untrusted Inputs
- M9: Improper Session Handling
- M10: Lack of Binary Protections
- We adhered loosely to the OWASP Web Top Ten Project methodology.
- The list below is the OLD release candidate v1.0 of the OWASP Top 10 Mobile Risks. This list was initially released on September 23, 2011 at Appsec USA.