[Global_industry_committee] W3C Mobile Web Application Best Practices - Working Draft

Colin Watson colin.watson at owasp.org
Tue May 26 13:44:54 EDT 2009

>From the OWASP RSS feed:

Mobile Web Application Best Practices Draft Published
21 May 2009 17:53

    Shared by  Moderated AppSec Feed - OWASP Foundation

    On the plus side, they say not to eval() untrusted Javascript.
Unfortunately, they forgot about authentication, access control, input
validation, output escaping, encryption, CSRF, session management, and
everything else.

2009-05-07: The Mobile Web Best Practices Working Group has published
a Working Draft of Mobile Web Application Best Practices. This
document specifies Best Practices for the development and delivery of
Web applications on mobile devices. The recommendations expand upon
statements made in the Mobile Web Best Practices 1.0 (BP1), especially
those that relate to the exploitation of device capabilities and
awareness of the delivery context. Learn more about the Mobile Web
Initiative Activity.

I don't know who made the comment, but does anyone have time to take
this one on and create a response?



More information about the Global_industry_committee mailing list