OWASP mobile security

OWASP mobile image

The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation. The project is a breading ground for many different mobile security projects within OWASP. Right now, you can find the following active OWASP mobile security projects:

Project / deliverable
Current leaders
Description
Android CK project
Florian Pradines
A python tool to help in forensics analysis on android.
Damn Vulnerable iOS Application
Prateek Gianchandani
An iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment.
iGoat Tool Project
Swaroop Yermalkar
A learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.
Mobile Application Security Verification Standard
Sven Schleier
Jeroen Willemsen
Carlos Holguera
A standard for mobile app security which outlines the security requirements of a mobile application.
Mobile Security Checklist
Sven Schleier
Jeroen Willemsen
Carlos Holguera
A checklist which allows easy mapping and scoring of the requirements from the Mobile Application Security Verification Standard based on the Mobile Security Testing Guide.
Mobile Security Testing Guide
Sven Schleier
Jeroen Willemsen
Carlos Holguera
A comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers as well as developers.
Mobile Top Ten
Jason Haddix
Daniel Miessler
Jonathan Carter
Milan Singh Thakur
The OWASP Mobile Security top 10 is created to raise awareness for the current mobile security issues. Note that this project has not been migrated yet: See this archive site and this archive site for the older resources.
MSTG Hacking Playground
Sven Schleier
Jeroen Willemsen
Carlos Holguera
A hacking playground with various vulnerable mobile apps for Android and iOS.
Seraphimdroid
Nikola Milosevic
Kartik Kholi
A privacy and security protection app for Android devices.

Not what you are looking for? Please have a look at the Old Mobile Security page and the Mobile Security Archive.

Want to start a new mobile security project? Follow https://www.owasp.org/index.php/Category:OWASP_Project#Starting_a_New_Project or contact one of the leaders of the active projects.

Acknowledgements

The OWASP Mobile Security project has a long history. It has been a source for many projects their predecessors as is clearly visible in the archive.

Former Leaders

Jonathan Carter Milan Singh Thakur Mike Zusman Tony DeLaGrange Sarath Geethakumar Tom Eston Don Williams Jason Haddix

Top Contributors

Zach Lanier Ludovic Petit Swapnil Deshmukh Beau Woods David Martin Aaron Luca De Fulgentis Andrew Pannell Stephanie V

Watch Star