Secure Mobile Development

• Coding Practices
  • 2.2 Avoid Simple Logic
  • 2.4 Implement Anti-tamper Techniques
  • 2.6 Understand Secure Deletion of Data
• Handling Sensitive Data
  • 3.2 Use SECURE Setting For Cookies
  • 3.4 Protect Against SSL Downgrade Attacks
  • 3.6 Treat Geolocation Data Carefully
  • 3.9 Protect Application Settings
  • 3.11 Implement Secure Network Transmission Of Sensitive Data
  • 3.13 Avoid Storing App Data in Backups
• • 4.1 Avoid Caching App Data
  • 4.3 Limit Caching of Username
  • 4.5 Be Aware of the Keyboard Cache
• Webviews
  • 5.2 Protect against CSRF with form tokens
• • 6.1 Use the Keychain Carefully
  • 6.3 Implement Protections Against Buffer Overflow Attacks
  • 6.6 Implement Touch ID Properly
• • 7.1 Implement File Permissions Carefully
  • 7.3 Check Activities
  • 7.5 Implement PendingIntents Carefully
  • 7.7 Avoid Intent Sniffing
  • 7.9 Follow WebView Best Practices
  • 7.11 Avoid GUI Objects Caching
• Servers
  • 8.2 Properly Configure Server-side SSL
  • 8.5 Protect Internal Resources