M5: Insecure Communication
This one has dropped from number three since the 2016 list. Threat Agents Application Specific Virtually all[…]
M4: Insufficient Input/Output Validation
This is a new one (in this form) for the updated list, although in the 2014 list[…]
M3: Insecure Authentication / Authorisation
This one has been in the list before, in a few different forms. It’s here as a[…]
M2: Inadequate Supply Chain Security
Came here from a direct link? Jump to the start of our OWASP Mobile Top 10 series[…]
M1: Improper Credential Usage
A new addition to the 2024 list, this refers to the hard coding of credentials within source[…]
OWASP Mobile Top 10 – Overview & Comparison
Back in May 2024 the final version of the updated OWASP Mobile Top 10 security threats was[…]
OWASP Mobile Top 10
Back in 2016 one of our founders, Alec Tucker, gave some talks on mobile application security: In[…]