The OWASP Mobile Top Ten
Submitted by Shruthi Kamath (@shruthikamath) on Sunday, 2 August 2015
This section covers the top 10 vulnerabilities of mobile
The top 10 covers the following:
M1: Weak Server Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client Side Injection
M8: Security Decisions Via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections
Laptop with admin privileges.
Minimum 10 GB of free space.
Minimum 4 GB RAM.
Any of the following Operating Systems:
a. OS X
b. Win 7 and above
1.Must have VM Player or VirtualBox installed on their machines.
2.The vulnerable APKs will be shared at the venue.
Apoorva works as a Security Analyst with iViZ Security (a Cigital company). She is the co-founder of InfoSec Girls, a community that aims to encourage more women to enter the domain of Information Security. She has presented a workshop on “Cyber Security and Ethical Hacking for Women” at c0c0n 2014 at Kochi, Kerala. She’s an active member of Null/OWASP Bangalore Chapter. She has been listed on the Barracuda Hall of Fame for finding vulnerabilities on their application. She is currently working on Mobile Application security.
Her contact information is below:
Email id: firstname.lastname@example.org | Twitter: @cedricfanapoo | Website: https://infosecgirls.in
Shruthi works as a Security Analyst at Infosys Limited. She is the co-founder of InfoSec Girls. She is a certified Ethical Hacker from EC Council. She’s an active member of Null/OWASP Bangalore Chapter. She is passionate about learning new things. Her interest in InfoSec lies in web application security. She has spoken at security conference like c0c0n and null meets. She has been a part of Jailbreak NULLCON 2014. She presented a talk on “Cybercrimes in India and its Mitigation” at the National Conference for Women Police held at Trivandrum
Email id: email@example.com | Twitter: @shruthikamath30 | Website: https://infosecgirls.in