layout | title | tags | level | type |
---|---|---|---|---|
col-sidebar | OWASP Mobile Top 10 | acknowledgements-tag controls-tag | 3 | documentation |
The new Mobile Top 10 list for 2024 is out now.
We would love to see you participate and contribute to the research we are doing.
Join the Slack channel.
If you face any issues joining us on Slack, please feel free to reach out to Project Leads.
Let's get started!
Join us on the Slack channel for contributions!!
More updates to follow soon...
Below is the OWASP Mobile Top 10 2024 release:
- M1: Improper Credential Usage
- M2: Inadequate Supply Chain Security
- M3: Insecure Authentication/Authorization
- M4: Insufficient Input/Output Validation
- M5: Insecure Communication
- M6: Inadequate Privacy Controls
- M7: Insufficient Binary Protections
- M8: Security Misconfiguration
- M9: Insecure Data Storage
- M10: Insufficient Cryptography
Vulnerabilities that did not make the initial release list, but which we may consider in the future:
- Data Leakage
- Hardcoded Secrets
- Insecure Access Control
- Path Overwrite and Path Traversal
- Unprotected Endpoints (Deeplink, Activity, Service ...)
- Unsafe Sharing
- M1: Improper Platform Usage
- M2: Insecure Data Storage
- M3: Insecure Communication
- M4: Insecure Authentication
- M5: Insufficient Cryptography
- M6: Insecure Authorization
- M7: Client Code Quality
- M8: Code Tampering
- M9: Reverse Engineering
- M10: Extraneous Functionality
- M1: Weak Server Side Controls
- M2: Insecure Data Storage
- M3: Insufficient Transport Layer Protection
- M4: Unintended Data Leakage
- M5: Poor Authorization and Authentication
- M6: Broken Cryptography
- M7: Client Side Injection
- M8: Security Decisions Via Untrusted Inputs
- M9: Improper Session Handling
- M10: Lack of Binary Protections