OWASP Mobile Top 10
What is OWASP Mobile Top 10?
An OWASP awareness document that ranks the most critical security risks for mobile applications running on iOS, Android, and similar platforms.
The OWASP Mobile Top 10 is a community-driven awareness document that summarizes the most significant security risks in mobile applications. The 2024 edition covers categories such as Improper Credential Usage, Inadequate Supply Chain Security, Insecure Authentication/Authorization, Insufficient Input/Output Validation, Insecure Communication, Inadequate Privacy Controls, Insufficient Binary Protections, Security Misconfiguration, Insecure Data Storage, and Insufficient Cryptography. It is closely tied to the MASVS (control framework) and MASTG (testing guide). Mobile developers, MSAS/MAST tools, and pentesters use the Mobile Top 10 to prioritize remediation, frame training, and explain mobile-specific risk to non-technical stakeholders.
● Examples
- 01: A mobile app team prioritizing fixes for hard-coded API keys under M1 Improper Credential Usage.
- 02: A MAST tool grouping findings by Mobile Top 10 2024 ID in its developer dashboard.
● Frequently asked questions
What is OWASP Mobile Top 10?
An OWASP awareness document that ranks the most critical security risks for mobile applications running on iOS, Android, and similar platforms. It belongs to the Compliance & Frameworks category of cybersecurity.
What does OWASP Mobile Top 10 mean?
An OWASP awareness document that ranks the most critical security risks for mobile applications running on iOS, Android, and similar platforms.
How does OWASP Mobile Top 10 work?
It is a community-driven awareness document that summarizes the most significant mobile application security risks in ten ranked categories, tied to the MASVS (control framework) and MASTG (testing guide); see the full definition above.
How do you defend against OWASP Mobile Top 10?
The Mobile Top 10 is not itself a threat to defend against; it is a prioritization aid. Teams use it by mapping each of its ten categories to the corresponding MASVS controls, verifying those controls with MASTG test cases, and fixing the highest-ranked findings first (for example, removing hard-coded API keys under M1 Improper Credential Usage), as outlined in the full definition above.
What are other names for OWASP Mobile Top 10?
Common alternative names include: OWASP Mobile Top Ten, Mobile Top 10.
● Related terms
- OWASP MASVS (compliance): The OWASP Mobile Application Security Verification Standard, a baseline of testable security requirements for iOS and Android mobile applications.
- OWASP Top 10 (compliance): An OWASP awareness document that lists the most critical security risks to web applications, updated periodically from real-world vulnerability data.
- OWASP API Security Top 10 (compliance): An OWASP awareness document that ranks the most critical security risks affecting web APIs, complementing the general OWASP Top 10 for web applications.
- Secure Coding (appsec): The practice of writing source code in ways that minimize security defects, following defensive patterns, language-specific rules and recognized guidelines.
- Compliance (compliance): The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.