Extraneous-Functionality-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M10 – Extraneous Functionality

Extraneous functionality can be defined as any feature or functionality that is present in a mobile application but is either unintentional or no longer needed. It may be left over from earlier stages of the development process, such as during testing or debugging, or added for convenience but overlooked as the application moves closer to production. Regardless of the reason for its existence, extraneous functionality represents a security risk.

Reverse-Engineering-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M9 – Reverse Engineering

Reverse engineering is the process of analysing a system or software to understand its components, functionality, and architecture. In the context of mobile apps, reverse engineering typically involves deconstructing an app’s compiled code to reveal its source code, data structures, and logic. The goal may be to identify vulnerabilities, extract sensitive data, or alter the app’s behaviour for malicious purposes.

Code-Tampering-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M8 – Code Tampering

Code tampering occurs when an attacker manipulates or alters the source code, binaries, or execution flow of a mobile application. This tampering can take various forms, including modifying the code to bypass security checks, reverse engineering to steal intellectual property, or injecting malicious code to steal sensitive data. Mobile apps, which often handle sensitive information like personal data, payment details, and corporate data, are prime targets for these attacks.

Client-Code-Quality-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M7 – Client Code Quality

Client code quality refers to the soundness, reliability, and maintainability of the code executed on mobile devices. The “M7” designation in the OWASP Top 10 highlights vulnerabilities resulting from poorly written client-side code. These vulnerabilities can stem from inadequate input validation, insecure coding practices, or the use of deprecated libraries.

Insecure-Authorisation-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M6 – Insecure Authorisation

Insecure authorisation occurs when an application fails to properly enforce access control mechanisms, allowing unauthorised users or attackers to access resources, perform actions, or manipulate data without appropriate permissions. Unlike authentication, which verifies a user’s identity, authorisation determines what an authenticated user is allowed to do.