OWASP mobile security

The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation. The project is a breading ground for many different mobile security projects within OWASP. Right now, you can find the following active OWASP mobile security projects:

Project / deliverable

Current leaders

Description

Android CK project

Florian Pradines

A python tool to help in forensics analysis on android.

Damn Vulnerable iOS Application

Prateek Gianchandani

An iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment.

iGoat Tool Project

Swaroop Yermalkar

A learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

Mobile Application Security Verification Standard

Sven Schleier
Jeroen Willemsen
Carlos Holguera

A standard for mobile app security which outlines the security requirements of a mobile application.

Mobile Security Checklist

Sven Schleier
Jeroen Willemsen
Carlos Holguera

A checklist which allows easy mapping and scoring of the requirements from the Mobile Application Security Verification Standard based on the Mobile Security Testing Guide.

Mobile Security Testing Guide

Sven Schleier
Jeroen Willemsen
Carlos Holguera

A comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers as well as developers.

Mobile Top Ten

Jason Haddix
Daniel Miessler
Jonathan Carter
Milan Singh Thakur

The OWASP Mobile Security top 10 is created to raise awareness for the current mobile security issues. Note that this project has not been migrated yet: See this archive site and this archive site for the older resources.

MSTG Hacking Playground

Sven Schleier
Jeroen Willemsen
Carlos Holguera

A hacking playground with various vulnerable mobile apps for Android and iOS.

Seraphimdroid

Nikola Milosevic
Kartik Kholi

A privacy and security protection app for Android devices.

Not what you are looking for? Please have a look at the Old Mobile Security page and the Mobile Security Archive.

Want to start a new mobile security project? Follow https://www.owasp.org/index.php/Category:OWASP_Project#Starting_a_New_Project or contact one of the leaders of the active projects.