Tuesday, September 20, 2016

Releasing OWASP Mobile Top 10 (2014) - secure coding learning resources under CC BY-ND 4.0 for everyone to use

Back in April 2016, we blogged about releasing the OWASP Web App Top 10 (2013) slide packs and promised to make the OWASP Mobile Top 10 (2014) available as well.

Well, today we are giving this away for free to everyone. You can find all the slides at the following locations:
We have opted to create very concise, short modules for each topic so that everyone can decide for themselves whether to use them in a classroom setting and cover several modules, or use them in an online environment and give developers bite-size things to learn. Each slide pack covers:
  1. Summary slide of the topic
  2. One or more practical scenarios to better understand the vulnerability concept and root cause
  3. Examples of potential impact
  4. Recommendations on how to avoid writing these vulnerabilities
Here is a sample module on Unintended Data Leakage

OWASP Top 10 - Mobile

The following are currently available which cover the OWASP Top 10 for Mobile Applications

M1-Weak Server Side Controls

M2-Insecure Data Storage

Transport Layer Protection

M4-Unintended Data Leakage

M5-Poor Authorization and Authentication
M6-Broken Cryptography
M7-Client Side Injection
Decisions Via Untrusted Input
M9-Improper Session Handling

M10-Lack of Binary Protections

At Secure Code Warrior, we want to help not only students and professionals in Australia but also in the rest of the world, and we are doing that today by providing teaching material on Secure Coding under "Creative Commons - Attribution-NoDerivatives 4.0 International". This comes down to:
  • Sharing — everyone can copy and redistribute the material in any medium or format for any purpose, even commercially.
