The OWASP community has been working on incorporating the latest risks. The Mobile Top 10 list may change in 2016, depending on which risks are ranked highest once various factors have been considered. The yearly commentary can be read at https://www.owasp.org/index.php/Mobile2015Commentary.
The checklist can be found at https://drive.google.com/file/d/0BxOPagp1jPHWVnlzWGNVbFBMTW8/view.
Having begun this chapter with a security mind map, we will now create a new checklist for assessing any iOS or Android app, as follows:
Network Level | Finding | 
---|---|---
Certificate validation | Certificate validation is not performed | 
Certificate pinning implementation | No certificate pinning noted | 
Cipher suites configuration | Weak cipher suites noted | 
CFNetwork usage | CFNetwork API used to negotiate SSL/TLS connection | 
Side channel leakage prevention | Leaks information through other channels | 
Insecure caching on network | Improper... | 
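The first three rows of the table (certificate validation, pinning, cipher suites) are the ones an assessor can test mechanically against a client's TLS configuration. The following is an added example, not code from the book or from OWASP: it audits a Python `ssl.SSLContext` in the way the checklist rows describe, producing the same wording the table uses for a failed item. The `WEAK_MARKERS` list and the hardened cipher string are assumptions of this example, not an OWASP-published list, and the example does not cover pinning, which needs the server's actual certificate.

```python
"""Audit an ssl.SSLContext against the Network Level checklist rows
(certificate validation, hostname checking, TLS version, cipher suites).
Added example; assumes Python 3.7+ with OpenSSL 1.1.0g or newer."""
import ssl

# Name fragments that mark a cipher suite as weak in this example.
# Assumption: well-known deprecated primitives, not an exhaustive list.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ADH", "AECDH")

# Hardened cipher string used below (assumption of this example):
# forward-secret ECDHE exchange with AEAD suites only, no anonymous or PSK.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!PSK:!MD5"


def insecure_context():
    """A permissive client context of the kind the checklist flags."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False         # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE    # any certificate is accepted
    return ctx


def hardened_context():
    """A client context that passes every check in audit()."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)
    return ctx


def flag_weak_ciphers(names):
    """Return the cipher names that contain any weak marker."""
    return [n for n in names if any(m in n.upper() for m in WEAK_MARKERS)]


def enabled_cipher_names(ctx):
    """List the cipher suite names the context would offer."""
    return [c["name"] for c in ctx.get_ciphers()]


def audit(ctx):
    """Return checklist-style findings for the given context (empty = pass)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("Certificate validation is not performed")
    if not ctx.check_hostname:
        findings.append("Hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are allowed")
    weak = flag_weak_ciphers(enabled_cipher_names(ctx))
    if weak:
        findings.append("Weak cipher suites noted: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    for label, ctx in (("insecure", insecure_context()),
                       ("hardened", hardened_context())):
        print(label, audit(ctx) or ["no findings"])
```

The same checks translate directly to the mobile platforms: on iOS, look for `NSURLSession` or `CFNetwork` delegate code that accepts every `SecTrust`, and on Android for `TrustManager` or `HostnameVerifier` implementations that return without verifying.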