This repository contains a full description of Netguru’s security review process for mobile projects.
You can read it on GitHub using the table of contents below or download it as an e-book.
- Introduction
- Risk Analysis
- Security Classification
- Security Requirements
  - General requirements
  - Technical requirements for security levels
  - Requirements description
    - Encrypted HTTP communication
    - Screenshot disabling
    - User dictionary protection
    - Backup disabling
    - Logs protection
    - User credential handling
    - Brute force attack
    - Rainbow tables attack
    - Cryptographic hash function
    - Obfuscation
    - Backend keys handling
    - OWASP Mobile Top 10 requirements
    - Root/jailbreak detection
    - Proper system permission handling
    - Intrusion Detection System
    - Data wiping on logout
- The Report
- Dictionary
- References