OWASP (Open Web Application Security Project) is an organization that provides unbiased and practical, cost-effective information about computer and Internet applications.
Improper Platform Usage
misuse of a platform feature or failure to use platform security controls
Android intents
platform permissions
misuse of TouchID
the Keychain
Insecure Data Storage
This covers insecure data storage and unintended data leakage
Authentication Issue
Insecure Communication
poor handshaking
incorrect SSL versions
weak negotiation
cleartext communication of sensitive assets
Insecure Authentication
Failing to identify the user at all when that should be required
Failure to maintain the user's identity when it is required
Weaknesses in session management
Insufficient Cryptography
This category is for issues where cryptography was attempted, but it wasn't done correctly.
Crash with community issue
Crash with data storage issue
Insecure Authorization
Use authentication method for private activity
Use authentication method for private data
Client Code Quality
Security Decisions Via Untrusted Inputs
Buggy Code
Code Tampering
Security Decisions Via Untrusted Inputs
Buggy Code
Code Tampering
binary patching
local resource modification
method hooking
method swizzling
dynamic memory modification
Reverse Engineering
analysis of the final core binary to determine its source code
libraries
algorithms
Any Question?
Reverse Engineering
analysis of the final core binary to determine its source code
