[Owasp-mobile-security-project] Mobile App Top 10 risks

James McGovern JMcGovern at virtusa.com
Tue Dec 14 13:26:52 EST 2010


This list rocks and would make a great foundation for starting other
conversations.  Do we collectively have thoughts around the following?

- Are the keystores on phones of sufficient strength?
- What level of crypto is practical on a mobile device?
- Is an application any more/less secure on a jailbroken device?
- How can an application validate its integrity? Are there equivalents to sealed objects/code signing/etc.?
- Can remote wipe capabilities also be exploited by unauthorized folk?
- What privacy constructs should exist in order for an application to NOT leak location?
- Do phones suffer from other attacks such as cold boot, where things in memory are longer lived?


James McGovern
Insurance SBU 

Virtusa Corporation

100 Northfield Drive, Suite 305 | Windsor, CT | 06095

Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  


From: owasp-mobile-security-project-bounces at lists.owasp.org
[mailto:owasp-mobile-security-project-bounces at lists.owasp.org] On Behalf
Of Chris Wysopal
Sent: Tuesday, December 14, 2010 1:13 PM
To: owasp-mobile-security-project at lists.owasp.org
Subject: [Owasp-mobile-security-project] Mobile App Top 10 risks

Hi Everyone,

I recently published a Mobile App Top 10 risks list which is based on
research we have performed at Veracode.  I didn't see anyone doing this
type of research so I thought it would be a good start to publish our
own list.  I have been getting positive feedback and a couple of people
have come forward to point me to the OWASP Mobile Security Project, so
here I am.  

Here is some of the research Veracode has published in the mobile
security space.

The Mobile App Top 10 list: 

http://www.veracode.com/blog/2010/12/mobile-app-top-10-list/

Blackberry Spyware Demo: presentation and Blackberry source code:

http://www.veracode.com/blog/2010/02/is-your-blackberry-app-spying-on-you/

Webinar on building secure mobile apps

http://www.veracode.com/blog/2009/07/the-challenges-of-developing-secure-mobile-applications/

Cheers,

Chris
