SUMMARY.md

Summary

• Mobile Security Primer
• Coding Practices
  • Increase Code Complexity and Use Obfuscation
  • Avoid Simple Logic
  • Test Third-Party libraries
  • Implement Anti-tamper Techniques
  • Securely Store Sensitive Data in RAM
  • Understand Secure Deletion of Data
  • Avoid Query String for Sensitive Data
• Handling Sensitive Data
  • Implement Secure Data Storage
  • Use SECURE Setting For Cookies
  • Fully validate SSL/TLS
  • Protect Against SSL Downgrade Attacks
  • Limit Use of UUID
  • Treat Geolocation Data Carefully
  • Institute Local Session Timeout
  • Implement Enhanced/Two-Factor Authentication
  • Protect Application Settings
  • Hide Account Numbers and Use Tokens
  • Implement Secure Network Transmission Of Sensitive Data
  • Validate Input From Client
  • Avoid Storing App Data in Backups
• Caching and Logging
  • Avoid Caching App Data
  • Avoid Crash Logs
  • Limit Caching of Username
  • Carefully Manage Debug Logs
  • Be Aware of the Keyboard Cache
  • Be Aware of Copy and Paste
• Webviews
  • Prevent Framing and Clickjacking
  • Protect against CSRF with form tokens
• iOS
  • Use the Keychain Carefully
  • Avoid Cached Application Snapshots
  • Implement Protections Against Buffer Overflow Attacks
  • Avoid Caching HTTP(S) Requests/Responses
  • Implement App Transport Security (ATS)
  • Implement Touch ID Properly
• Android
  • Implement File Permissions Carefully
  • Implement Intents Carefully
  • Check Activities
  • Use Broadcasts Carefully
  • Implement PendingIntents Carefully
  • Protect Application Services
  • Avoid Intent Sniffing
  • Implement Content Providers Carefully
  • Follow WebView Best Practices
  • Avoid Storing Cached Camera Images
  • Avoid GUI Objects Caching
  • Sign Android APKs
• Servers
  • Implement Proper Web Server Configuration
  • Properly Configure Server-side SSL
  • Use Proper Session Management
  • Protect and Perform Penetration Testing of Web Services
  • Protect Internal Resources