diff --git a/src/content/docs/security/security_in_mobile_apps.mdx b/src/content/docs/security/security_in_mobile_apps.mdx index e4d4f8b..ac966e7 100644 --- a/src/content/docs/security/security_in_mobile_apps.mdx +++ b/src/content/docs/security/security_in_mobile_apps.mdx @@ -42,6 +42,7 @@ But first let's take a look at the common mobile app security threats. - **Unsecured Third-Party Libraries:** Integration of insecure or outdated third-party libraries, introducing potential vulnerabilities into the mobile app. - **Poorly Implemented Multi-Factor Authentication (MFA):** Inadequate implementation of MFA, allowing attackers to bypass additional authentication measures. - **Supply Chain Attacks:** Compromising the security of a mobile app or API through vulnerabilities in its supply chain, including third-party services or components. +- **Social Engineering**: is a manipulation tactic that exploits human error to gain unauthorized access to private information, systems, or valuables. In cybercrime, it involves deceiving users into revealing data, spreading malware, or granting access to restricted systems. And more. 
@@ -189,3 +190,16 @@ More information on _M9: Insecure Data Storage_ [here.](https://owasp.org/www-pr Adopt strong hash functions like SHA-256 or bcrypt, apply salting to hashed passwords to defend against precomputed attack tables, and use Key Derivation Functions like PBKDF2 or scrypt to strengthen password-based cryptography and resist brute-force attacks. More information on _M10: Insufficient Cryptography_ [here.](https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography.html) + + +## OWASP MAS Checklist + +The **OWASP Mobile Application Security (MAS) Checklist** is a comprehensive guide to securing mobile apps against common security threats. The checklist will provide you with a detailed list of security best practices, including secure coding guidelines, secure data storage, secure communication, and secure authentication mechanisms, so if you are interested in increasing the security of the above points, this will be a good starting point. +You can find the OWASP MAS checklist here [here.](https://mas.owasp.org/checklists/) + + +## Other OWASP Resources + +- [OWASP Mobile Application Security Testing Guide (MASTG)](https://mas.owasp.org/MASTG/) +- [OWASP Mobile Application Security Verification Standard (MASVS)](https://mas.owasp.org/MASVS/) +- [OWASP Mobile Application Security Weakness Enumeration (MASWE)](https://mas.owasp.org/MASWE/)
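Review bot: In the first hunk (the threat list at line 42), the new Social Engineering bullet does not follow the format of the bullets around it. The colon sits outside the bold markers (`**Social Engineering**:`) where the siblings use `**Supply Chain Attacks:**`, and the description starts with "is a manipulation tactic", which reads as a sentence fragment after the label. The sibling entries open with a noun phrase ("Inadequate implementation of MFA...", "Compromising the security of..."). The text is also a general definition of social engineering ("private information, systems, or valuables"), while the list is introduced as common mobile app security threats. Suggest something closer to `- **Social Engineering:** Deceiving app users into revealing data, installing malware, or granting access to restricted systems.`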
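Review bot: In the second hunk (the new "OWASP MAS Checklist" section), the link sentence repeats the word: `You can find the OWASP MAS checklist here [here.](https://mas.owasp.org/checklists/)` renders as "here here." and pulls the full stop inside the link text. Suggest a descriptive link such as `See the [OWASP MAS Checklist](https://mas.owasp.org/checklists/).`, which also matches the descriptive link text used in the "Other OWASP Resources" list below it. The sentence before it is a run-on, and "increasing the security of the above points" does not say what it refers to; splitting it after "secure authentication mechanisms" and naming the M1 to M10 risks covered earlier on the page would read better. Both new headings are preceded by two blank `+` lines where one would do.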