Upload File

owasp mobile app checklist v1.0

prev
next
out of 3
Download OWASP Mobile App Checklist v1.0

Upload: sam-kumar

Post on 25-Feb-2018

213 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 7/25/2019 OWASP Mobile App Checklist v1.0

    1/3

    CLIENT SIDE CHECKS

    Sr. Vulnerability Name ApplicablePlatform

    Compliant?Yes/No/NA

    1 Application is Vulnerable to Reverse Engineering Attack All

    2 Account Lockout not Implemented All

    3 Application is Vulnerable to XSS All

    4 Authentication bypassed All

    5 Hard coded sensitive information in Application Code All

    6 Malicious File Upload All

    7 Session Fixation All

    8 Application does not Verify MSISDN WAP

    9 Privilege Escalation All

    10 SQL Injection All

    11 Attacker can bypass Second Level Authentication All

    12 Application is vulnerable to LDAP Injection All

    13 Application is vulnerable to OS Command Injection All

    14 iOS snapshot/backgrounding Vulnerability iOS

    15 Debug is set to TRUE Android

    16 Application makes use of Weak Cryptography All

    17 Cleartext information under SSL Tunnel All

    18 Client Side Validation can be bypassed All

    19 Invalid SSL Certificate All

    20 Sensitive Information is sent as Clear Text over network All

    21 CAPTCHA is not implemented on Public Pages/Login Pages All

    22 Improper or NO implementation of Change Password Page All

    23 Application does not have Logout Functionality All

  • 7/25/2019 OWASP Mobile App Checklist v1.0

    2/3

    24 Sensitive information in Application Log Files All

    25 Sensitive information sent as a querystring parameter All

    26 URL Modification All

    27 Sensitive information in Memory Dump All

    28 Weak Password Policy All

    29 Autocomplete is not set to OFF All

    30 Application is accessible on Rooted or Jail Broken Device All31 Back-and-Refresh attack All

    32 Directory Browsing All

    33 Usage of Persistent Cookies All

    34 Open URL Redirects are possible All

    35 Improper exception Handling: In code All

    36 Insecure Application Permissions All

    37 Application build contains Obsolete Files All

    38 Certificate Chain is not Validated All

    39 Last Login information is not displayed All

    40 Private IP Disclosure All

    41 UI Impersonation through RMS file modification JAVA

    42 UI Impersonation through JAR file modification Android

    43 Operation on a resource after expiration or release All

    44 No Certificate Pinning All

    45 Cached Cookies or information not cleaned after application removal/Clos All

    46 ASLR Not Used iOS

    47 Clipboard is not disabled All

    48 Cache smashing protection is not enabled iOS

    49 Android Backup Vulnerability Android

    SERVER SIDE CHECKS

    Sr. Vulnerability Name ApplicablePlatform

    Compliant?Yes/No/NA

    50 Cleartext password in Response All

    51 Direct Reference to internal resource without authentication All

  • 7/25/2019 OWASP Mobile App Checklist v1.0

    3/3

    52 Application has NO or improper Session Management All

    53 Cross Domain Scripting Vulnerability All

    54 Cross Origin Resource Sharing All

    55 Improper Input Validation - Server Side All

    56 Detailed Error page shows internal sensitive information All

    57 Application allows HTTP Methods besides GET and POST All

    58 Cross Site Request Forgery (CSRF)/SSRF All59 Cacheable HTTPS Responses All

    60 Path Attribute not set on a Cookie All

    61 HttpOnly Attribute not set for a cookie All

    62 Secure Attribute not set for a cookie All

    63 Application is Vulnerable to Clickjacking/Tapjacking attack All

    64 Server/OS fingerprinting is possible All


CHECKLIST DIENSTVERLENING OMGEVINGSWET V1.0 OVER DE … · CHECKLIST DIENSTVERLENING OMGEVINGSWET V1.0 (*) Status: 1=afgerond, 2=loopt, 3=nog te doen, 4=issue 3 2018: START IMPLEMENTATIE

PR S 47117 FM200 V1.0 Inspection and Testing of … · Web viewPR S 47117 FM200 V1.0 Inspection and Testing of Signalling – Signal Sighting Checklist Description PR S 47117 FM200

OWASP Toronto - OWASP Foundation | Open Source Foundation

The OWASP Foundation OWASP Busting Frame Busting

OWASP Education OWASP Global Summit Portugal 2011

Checklist of SAS Platform Administration Tasks - sas… · 26/02/2015 · Checklist of SAS Platform Administration Tasks, v1.0 Unrestricted Page 3 of 28 relating to each task you

Owasp Mosc2010 - Tour of Owasp Projects

SEO Checklist for Marketing Websites · Web viewSEO Checklist for Marketing Websites Polavaram, Harika | v1.0 | June 21, 2016 SEO Checklist for Marketing Websites SEO Checklist for

CHECKLIST DIENSTVERLENING OMGEVINGSWET V1.0 OVER DE … · 2019-11-29 · CHECKLIST DIENSTVERLENING OMGEVINGSWET V1.0 (*) Status: 1=afgerond, 2=loopt, 3=nog te doen, 4=issue 3 2018:

Compliance with OWASP ASVS L1: Failed - UnderDefense · Compliance with OWASP ASVS L1: Failed ... • Pentest Execution Standard • SANS: ... (see Appendix A with a key checklist)

Using jira to manage risks v1.0 - owasp app sec eu - june 2016

OWASP (Membership) and new OWASP Projects · OWASP 7 OWASP

OWASP CODE REVIEW GUIDE – RC 2 - Ministerio Defensa · 2009. 11. 19. · OWASP Code Review Guide V1.0 2007 5 enough. Consider which of the approaches will identify the largest amount

OWASP @ ISCTE-IUL, OWASP Top 10 2010

Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series

Audit Checklist – AWS Standard V1Audit Checklist – AWS Standard V1.0 Guidance to auditor(s): ... PMB’s Operational Director has signed the “Integrated Management System Policy”

The OWASP Foundation OWASP AppSec Aguascalientes 2010 ¿Qué es OWASP? Miguel Pérez-Milicua Softtek Miembro de OWASP capítulo Aguacalientes

OWASP @ ISCTE-IUL, OWASP e OWASP Portugal

The OWASP Foundation OWASP Top 10 2010 Kuai Hinojosa Software Security Consultant at Cigital OWASP Global Education Committee OWASP

OWASP Web Application Penetration Checklis · PDF file14.07.2004 · OWASP Web Application Penetration Checklist 2 Feedback To provide feedback on this checklist, please send an e-mail

OWASP 2013 APPSEC USA Talk - OWASP ZAP

Checklist of SAS Platform Administration Tasks · 2015-07-07 · Checklist of SAS Platform Administration Tasks, v1.0 Unrestricted Page 2 of 28 1 Introduction This document contains

The OWASP Foundation OWASP Global Update Seba Deleersnyder OWASP Foundation Board Member

OWASP Guadalajara owasp/index.php/Guadalajara

Dan Catalin VASILE - Hacking the Wordpress EcoSystem€¦ · – [email protected] / @DanCVASILE. ... WordpressSecurity Checklist project on OWASP ... Dan Catalin VASILE - Hacking the

OWASP Web Application Penetration Checklist Web Application Penetration Checklist 1 Introduzione L’attività di Penetration test non sarà mai una scienza esatta se la si considera

OWASP Belgium Chapter Meeting - Brussels - 8 May 2006 - 1 OWASP Update - Open … · 2006/5/8  · OWASP 8 OWASP?

New Privacy in Android 11 and OWASP Mobile Security · 2020. 8. 21. · OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP

 · OWASP Bricks: A PHP vulnerable site with lessons Is there a checklist to make sure I don't forget anything? OWASP ASVS is 'the list' you can apply to your

Jack oughton ‘virtuous writing checklist' v1.0

THE OWASP APPROACH - Universidad del Pacífico | UP the OWASP approa… · SECURITY IN THE SDLC (System Development Lifecycle) 2. ... el checklist de codificación segura, ... Static

Owasp tools - OWASP Serbia

OWASP Day - OWASP Day - Lets secure!

Isc2 secure sdlc owasp achieving compliance v1.0 2012 05-04

OWASP Testing Guide v4 · Testing Guide history • January 2004 –" The OWASP Testing Guide", Version 1.0 • July 14, 2004 –"OWASP Web Application Penetration Checklist", Version