[Owasp-leaders] OWASP Mobile Top Ten 2014 - M10 Datapoints

Andre Gironda andreg at gmail.com
Tue Nov 4 21:32:15 UTC 2014


This is not just about vendors, but technology choice. A prior work was
presented at OWASP AppSecUSA in 2011 from Ryan W Smith on "STAAF: an
Efficient Distributed Framework for Performing Large-Scale Android
Application Analysis".

Both the Mobile Top Ten and the ASVS mention binary-obfuscation technology
and anti debugging/reversing for mobile apps. Should these mentions be
removed? I want to say no but I am clearly less biased than Jonathan
Carter. By the way, I would like to take credit for adding this material to
the MT10. However, I did not add it to ASVS 2.0. Who did that and why?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141104/0a7a9c02/attachment.html>

More information about the OWASP-Leaders mailing list