Upload File

owasp mobile app checklist v1.0

prev
next
out of 3
Download OWASP Mobile App Checklist v1.0

Upload: sam-kumar

Post on 25-Feb-2018

213 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 7/25/2019 OWASP Mobile App Checklist v1.0

    1/3

    CLIENT SIDE CHECKS

    Sr. Vulnerability Name ApplicablePlatform

    Compliant?Yes/No/NA

    1 Application is Vulnerable to Reverse Engineering Attack All

    2 Account Lockout not Implemented All

    3 Application is Vulnerable to XSS All

    4 Authentication bypassed All

    5 Hard coded sensitive information in Application Code All

    6 Malicious File Upload All

    7 Session Fixation All

    8 Application does not Verify MSISDN WAP

    9 Privilege Escalation All

    10 SQL Injection All

    11 Attacker can bypass Second Level Authentication All

    12 Application is vulnerable to LDAP Injection All

    13 Application is vulnerable to OS Command Injection All

    14 iOS snapshot/backgrounding Vulnerability iOS

    15 Debug is set to TRUE Android

    16 Application makes use of Weak Cryptography All

    17 Cleartext information under SSL Tunnel All

    18 Client Side Validation can be bypassed All

    19 Invalid SSL Certificate All

    20 Sensitive Information is sent as Clear Text over network All

    21 CAPTCHA is not implemented on Public Pages/Login Pages All

    22 Improper or NO implementation of Change Password Page All

    23 Application does not have Logout Functionality All

  • 7/25/2019 OWASP Mobile App Checklist v1.0

    2/3

    24 Sensitive information in Application Log Files All

    25 Sensitive information sent as a querystring parameter All

    26 URL Modification All

    27 Sensitive information in Memory Dump All

    28 Weak Password Policy All

    29 Autocomplete is not set to OFF All

    30 Application is accessible on Rooted or Jail Broken Device All31 Back-and-Refresh attack All

    32 Directory Browsing All

    33 Usage of Persistent Cookies All

    34 Open URL Redirects are possible All

    35 Improper exception Handling: In code All

    36 Insecure Application Permissions All

    37 Application build contains Obsolete Files All

    38 Certificate Chain is not Validated All

    39 Last Login information is not displayed All

    40 Private IP Disclosure All

    41 UI Impersonation through RMS file modification JAVA

    42 UI Impersonation through JAR file modification Android

    43 Operation on a resource after expiration or release All

    44 No Certificate Pinning All

    45 Cached Cookies or information not cleaned after application removal/Clos All

    46 ASLR Not Used iOS

    47 Clipboard is not disabled All

    48 Cache smashing protection is not enabled iOS

    49 Android Backup Vulnerability Android

    SERVER SIDE CHECKS

    Sr. Vulnerability Name ApplicablePlatform

    Compliant?Yes/No/NA

    50 Cleartext password in Response All

    51 Direct Reference to internal resource without authentication All

  • 7/25/2019 OWASP Mobile App Checklist v1.0

    3/3

    52 Application has NO or improper Session Management All

    53 Cross Domain Scripting Vulnerability All

    54 Cross Origin Resource Sharing All

    55 Improper Input Validation - Server Side All

    56 Detailed Error page shows internal sensitive information All

    57 Application allows HTTP Methods besides GET and POST All

    58 Cross Site Request Forgery (CSRF)/SSRF All59 Cacheable HTTPS Responses All

    60 Path Attribute not set on a Cookie All

    61 HttpOnly Attribute not set for a cookie All

    62 Secure Attribute not set for a cookie All

    63 Application is Vulnerable to Clickjacking/Tapjacking attack All

    64 Server/OS fingerprinting is possible All


Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series

CHECKLIST DIENSTVERLENING OMGEVINGSWET V1.0 OVER DE … · 2019-11-29 · CHECKLIST DIENSTVERLENING OMGEVINGSWET V1.0 (*) Status: 1=afgerond, 2=loopt, 3=nog te doen, 4=issue 3 2018:

OWASP CODE REVIEW GUIDE – RC 2 - Ministerio Defensa · 2009. 11. 19. · OWASP Code Review Guide V1.0 2007 5 enough. Consider which of the approaches will identify the largest amount

Owasp tools - OWASP Serbia

OWASP Toronto - OWASP Foundation | Open Source Foundation

Compliance with OWASP ASVS L1: Failed - UnderDefense · Compliance with OWASP ASVS L1: Failed ... • Pentest Execution Standard • SANS: ... (see Appendix A with a key checklist)

The new OWASP standard for the Web Application Penetration ... · Penetration Testing Matteo Meucci ... – "OWASP Web Application Penetration Checklist", V1.0 ... really useful as

OWASP Cornucopia Ecommerce Website Edition · Web viewAuthentication Cheat Sheet OWASP SCP 47, 52 OWASP ASVS 2.12, 8.4, 8.10 OWASP AppSensor UT1 CAPEC-SAFECode 28 OWASP Cornucopia

OWASP Belgium Chapter Meeting - Brussels - 8 May 2006 - 1 OWASP Update - Open … · 2006/5/8  · OWASP 8 OWASP?

PR S 47117 FM200 V1.0 Inspection and Testing of … · Web viewPR S 47117 FM200 V1.0 Inspection and Testing of Signalling – Signal Sighting Checklist Description PR S 47117 FM200

OWASP @ ISCTE-IUL, OWASP e OWASP Portugal

START UP CHECKLIST€¦ · copyright 2017-2018 | v1.0 WordPress Start Up Checklist Rob Orr | GET YOUR DOMAIN NAME REGISTERED Finding the right domain name for your new

Jack oughton ‘virtuous writing checklist' v1.0

What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt

The OWASP Foundation OWASP Busting Frame Busting

OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:

OWASP Testing Guide v4 · Testing Guide history • January 2004 –" The OWASP Testing Guide", Version 1.0 • July 14, 2004 –"OWASP Web Application Penetration Checklist", Version

THE OWASP APPROACH - Universidad del Pacífico | UP the OWASP approa… · SECURITY IN THE SDLC (System Development Lifecycle) 2. ... el checklist de codificación segura, ... Static

The OWASP Foundation OWASP Chennai 2007 Phishing

Checklist of SAS Platform Administration Tasks · 2015-07-07 · Checklist of SAS Platform Administration Tasks, v1.0 Unrestricted Page 2 of 28 1 Introduction This document contains

The OWASP Foundation OWASP Top 10 2010 Kuai Hinojosa Software Security Consultant at Cigital OWASP Global Education Committee OWASP

Using jira to manage risks v1.0 - owasp app sec eu - june 2016

New Privacy in Android 11 and OWASP Mobile Security · 2020. 8. 21. · OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP

OWASP Web Application Penetration Checklis · PDF file14.07.2004 · OWASP Web Application Penetration Checklist 2 Feedback To provide feedback on this checklist, please send an e-mail

OWASP Day IV•180 blog monitorati OWASP-Italy Day IV – 6th, Nov 09 OWASP 11 OWASP Top Ten

SEO Checklist for Marketing Websites · Web viewSEO Checklist for Marketing Websites Polavaram, Harika | v1.0 | June 21, 2016 SEO Checklist for Marketing Websites SEO Checklist for

OWASP Top 10 Schulung › ... › 2018 › OWASP_Top_10_Homepage.pdfEntwicklung der OWASP Top 10 OWASP Top Ten - 2010 OWASP Top Ten - 2013 OWASP Top Ten –2017 A1 –Injection Flaws

CHECKLIST DIENSTVERLENING OMGEVINGSWET V1.0 OVER DE … · CHECKLIST DIENSTVERLENING OMGEVINGSWET V1.0 (*) Status: 1=afgerond, 2=loopt, 3=nog te doen, 4=issue 3 2018: START IMPLEMENTATIE

Isc2 secure sdlc owasp achieving compliance v1.0 2012 05-04

Checklist of SAS Platform Administration Tasks - sas… · 26/02/2015 · Checklist of SAS Platform Administration Tasks, v1.0 Unrestricted Page 3 of 28 relating to each task you

Owasp Mosc2010 - Tour of Owasp Projects

OWASP Joomla! Vulnerability Scanner - OWASP-MY

OWASP Guadalajara owasp/index.php/Guadalajara

Dan Catalin VASILE - Hacking the Wordpress EcoSystem€¦ · – [email protected] / @DanCVASILE. ... WordpressSecurity Checklist project on OWASP ... Dan Catalin VASILE - Hacking the

OWASP Testing Guide - OWASP Summit 2011