Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/nowsecure/secure-mobile-development

A Collection of Secure Mobile Development Best Practices
https://github.com/nowsecure/secure-mobile-development

android apple best-practices gitbook ios mobile-security nowsecure secure-development

Last synced: 3 months ago
JSON representation

A Collection of Secure Mobile Development Best Practices

Lists

README 

        
# Secure Mobile Development



At NowSecure we spend a lot of time attacking mobile apps - hacking, breaking encryption, finding flaws, penetration testing, and looking for sensitive data stored insecurely. We do it for the right reasons - to help developers make their apps more secure. This document represents some of the knowledge we share with our clients and partners. **We are driven to advance mobile app security worldwide.**



## Using this Guide



This guide gives specific recommendations to use during your development process. The descriptions of attacks and security recommendations in this report are not exhaustive or perfect, but you will get practical advice that you can use to make your apps more secure.



We revise our best practices periodically and invite [contributions](https://github.com/nowsecure/secure-mobile-development/pulls), and the updated guide is published [here](https://books.nowsecure.com/secure-mobile-development/) as changes are accepted into the main repository.



To learn about all the vectors that attackers might use on your app, read our [Mobile Security Primer](en/primer/mobile-security.md).



### Categories



We categorize our Secure Mobile Development Best Practices under eight topics. You can find a complete table of contents [here](en/SUMMARY.md)



* [Coding Practices](en/coding-practices/README.md)

* [Handling Sensitive Data](en/sensitive-data/README.md)

* [Caching and Logging](en/caching-logging/README.md)

* [Webviews](en/webviews/README.md)

* [iOS](en/ios/README.md)

* [Android](en/android/README.md)

* [Servers](en/servers/README.md)



### Technology Stack



The book is written with GitBook.



### Contributing



We revise our best practices periodically and invite [contributions](https://github.com/nowsecure/secure-mobile-development/pulls), and the updated guide is published [here](https://books.nowsecure.com/secure-mobile-development/) as changes are accepted into the main repository.



We welcome contributions from knowledgeable developers and security professionals. All contributors must read our [Contributing](CONTRIBUTING.md) page and accept the terms in their Pull Requests. Please follow the template and format provided if you do contribute.



We publish this guide under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International [License](LICENSE.md).



We will review contributions and periodically publish updated recommendations. If you have questions or feedback please [let us know](https://www.nowsecure.com/contact/).



### Instructions



First fork this repository, make your changes and submit them back to this repository as a Pull Request. If you are unfamiliar with this process, please read the [GitHub User Documentation](https://help.github.com/articles/creating-a-pull-request/).



#### Adding a Best Practice



TBD