Guidelines for testing and securing mobile apps
There are multiple organizations providing guidelines for testing and securing mobile apps. The most common ones include OWASP Mobile Top 10 and Veracode Mobile App Top 10. Additionally, there are also guidelines from Google itself on how to secure Android apps by showing examples of what not to do. Having knowledge on these guidelines is important in order to understand what to look for during a penetration test.
Let's have a brief look at OWASP Mobile Top 10 Vulnerabilities.
OWASP Top 10 Mobile Risks (2014)
The following diagram shows the OWASP Top 10 Mobile Risks, which is a list of top 10 mobile app vulnerabilities released in 2014. This is the latest list as of writing this book:
The following are ...