This repository contains a full description of Netguru’s security review process for mobile projects.

You can read it on Github using table of contents below or download it as an e-book.

1. Introduction
   1. Purpose
   2. Inputs
   3. Aspects used to determine the Security level
   4. Method
      1. Steps
      2. Flow
      3. Tools
   5. Results
2. Risk Analysis
   1. Asset categories
      1. Data types
      2. Communication types
      3. Access permissions types
      4. Component types
   2. Risk assessment
      1. Risk levels
      2. Impact levels
      3. Risk matrix
3. Security Classification
   1. The purpose of the classification
   2. Asset categories
   3. Levels
      1. Level 0
      2. Level 1
      3. Level 2
      4. Level 3
   4. Security levels specification
4. Security Requirements
   1. General requirements
   2. Technical requirements for security levels
   3. Requirements description
      1. Encrypted HTTP communication
      2. Screenshot disabling
      3. User dictionary protection
      4. Backup disabling
      5. Logs protection
      6. User credential handling
      7. Brute force attack
      8. Rainbow tables attack
      9. Cryptographic hash function
      10. Obfuscation
      11. Backend keys handling
      12. OWASP Mobile Top 10 requirements
      13. Root/jailbreak detection
      14. Proper system permission handling
      15. Intrusion Detection System
      16. Data wiping on logout
5. The Report
6. Dictionary
7. References