NowSecure
iOS
6.1 Use the Keychain Carefully
6.2 Avoid Cached Application Snapshots
6.3 Implement Protections Against Buffer Overflow Attacks
6.4 Avoid Caching HTTP(S) Requests/Responses
6.5 Implement App Transport Security (ATS)
6.6 Implement Touch ID Properly
6.7 Declare Intended Use of Protected Data Classes