GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → netguru → mobile-security-review

netguru / mobile-security-review

Licence: CC-BY-SA-4.0 License
Security review guidelines for mobile projects

Labels

androidsecurityiosowasp

Projects that are alternatives of or similar to mobile-security-review

OWASP-Calculator
🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment
Stars: ✭ 109 (+1111.11%)
Mutual labels:  owasp
cyclonedx-python
Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.
Stars: ✭ 78 (+766.67%)
Mutual labels:  owasp
owtf-docker
Docker repository for OWTF (64-bit Kali)
Stars: ✭ 32 (+255.56%)
Mutual labels:  owasp
Software-Component-Verification-Standard
Software Component Verification Standard (SCVS)
Stars: ✭ 82 (+811.11%)
Mutual labels:  owasp
cyclonedx-php-composer
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
Stars: ✭ 20 (+122.22%)
Mutual labels:  owasp
containers-security-project
A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)
Stars: ✭ 25 (+177.78%)
Mutual labels:  owasp
aks-baseline-regulated
This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.
Stars: ✭ 73 (+711.11%)
Mutual labels:  owasp
juice-shop-ctf
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
Stars: ✭ 287 (+3088.89%)
Mutual labels:  owasp
ftw
Framework for Testing WAFs (FTW!)
Stars: ✭ 106 (+1077.78%)
Mutual labels:  owasp
kube-owasp-zap
Owasp Zap chart for Kubernetes
Stars: ✭ 38 (+322.22%)
Mutual labels:  owasp
owasp-zap-jwt-addon
OWASP ZAP addon for finding vulnerabilities in JWT Implementations
Stars: ✭ 23 (+155.56%)
Mutual labels:  owasp
vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+7388.89%)
Mutual labels:  owasp
poc-jwt
POC about usage of JSON Web Tokens (JWT) in a secure way.
Stars: ✭ 18 (+100%)
Mutual labels:  owasp
dotnet-security-unit-tests
A web application that contains several unit tests for the purpose of .NET security
Stars: ✭ 25 (+177.78%)
Mutual labels:  owasp
dependency-track-maven-plugin
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Stars: ✭ 28 (+211.11%)
Mutual labels:  owasp
dependency-check-plugin
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (+1088.89%)
Mutual labels:  owasp
CIS-Ubuntu-20.04-Ansible
Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
Stars: ✭ 150 (+1566.67%)
Mutual labels:  owasp
specification
Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis
Stars: ✭ 129 (+1333.33%)
Mutual labels:  owasp
dependency-check-py
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Stars: ✭ 44 (+388.89%)
Mutual labels:  owasp
cyclonedx-maven-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
Stars: ✭ 103 (+1044.44%)
Mutual labels:  owasp
View All Similar Projects ➔

Netguru Mobile Security Review

License: CC BY-SA 4.0

This repository contains a full description of Netguru’s security review process for mobile projects.

How to read?

You can read it on Github using table of contents below or download it as an e-book.

Table of Contents

  1. Introduction
    1. Purpose
    2. Inputs
    3. Aspects used to determine the Security level
    4. Method
      1. Steps
      2. Flow
      3. Tools
    5. Results
  2. Risk Analysis
    1. Asset categories
      1. Data types
      2. Communication types
      3. Access permissions types
      4. Component types
    2. Risk assessment
      1. Risk levels
      2. Impact levels
      3. Risk matrix
  3. Security Classification
    1. The purpose of the classification
    2. Asset categories
    3. Levels
      1. Level 0
      2. Level 1
      3. Level 2
      4. Level 3
    4. Security levels specification
  4. Security Requirements
    1. General requirements
    2. Technical requirements for security levels
    3. Requirements description
      1. Encrypted HTTP communication
      2. Screenshot disabling
      3. User dictionary protection
      4. Backup disabling
      5. Logs protection
      6. User credential handling
      7. Brute force attack
      8. Rainbow tables attack
      9. Cryptographic hash function
      10. Obfuscation
      11. Backend keys handling
      12. OWASP Mobile Top 10 requirements
      13. Root/jailbreak detection
      14. Proper system permission handling
      15. Intrusion Detection System
      16. Data wiping on logout
  5. The Report
  6. Dictionary
  7. References
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].