Approov Blog

OWASP

And Why Apple, Google and Huawei Need to Participate The OWASP MAS project continues to lead the way in mobile application security. This article describes the resources and tools which have recently been added to OWASP MAS, which provides mobile app security guidance and tools for developers and security professionals alike. Also, we will argue that OWASP really deserves to receive the full support of the major mobile platform and device vendors. Read Full Story

In case you didn't notice, the OWASP Mobile Top 10 List was just updated, for the first time since 2016! This is important for developers since this list represents the list of the most crucial mobile application security risks in 2024. This blog explains how this fits in with other OWASP security guidelines, summarizes each of the 10 risks and discusses some possible next steps for developers. Read Full Story

What is OWASP MASVS? The OWASP (Open Worldwide Application Security Project) MASVS (Mobile Application Security Verification Standard) is a valuable resource for mobile app developers seeking to improve the security posture of their iOS and Android applications. The standard is based on the collective knowledge of security experts from around the world and provides both a baseline and a benchmark for security requirements for mobile apps. Read Full Story

Broken Object Level Authorization (BOLA) is the #1 vulnerability in the OWASP API Security Project’s API Security Top Ten in 2019. Using BOLA, an attacker exploits a vulnerable API endpoint by manipulating an arbitrary object identifier to exfiltrate or manipulate data they are not authorized to access. Authorization schemes can be complex, and it is easy for an API developer to miss an authorization check when the application state is passed between client and service. Read Full Story