When reading articles about mobile security, you may have come across the acronym OWASP and wondered what it is. Simply put, OWASP is a non-profit organization known as the Open Web Application Security Project, with its main website at http://www.owasp.org.
Established in 2004, this organization lists its core purpose as follows:
“Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.”
The organization has board members and contributors who work on several key security issues and projects. One of its ongoing projects is the OWASP Mobile Security Project. Within this project, it has crafted a mobile security top 10:
Top 10 Mobile Risks – Final List 2014
M1: Weak Server Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client Side Injection
M8: Security Decisions Via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections
Our cloud-based scanning app searches for the presence of the risks listed above, and you may have seen a reference to one of them.
Another project that OWASP actively contributes to is the Secure Mobile Development project. This project aims to offer guidance for app developers and help eliminate potential areas of weakness.