书栈网 · BookStack: this search took 0.011 seconds and found 390 relevant results.
  • 3.7 Local Session Timeout Mechanism

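    Local Session Timeout Mechanism Details Recommendation CWE/OWASP Local Session Timeout Mechanism Details Mobile devices are frequently lost or stolen, and an attacker can use an active session to access sensitive data, execute transactions, or perform reconnaissance on the device owner's account. In addition, without a proper session timeout, an app may be vulnerable to data interception via man-in-the-middle attacks. Recommendation Any time the app is not used for more than 5 minutes, terminate the active session, redirect the user to the login screen,...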
  • Use Proper Session Management

    Use Proper Session Management Details Remediation CWE/OWASP Use Proper Session Management Details Sessions for users are maintained on most apps via a cookie, which can be...
  • Implement Secure Network Transmission Of Sensitive Data

    Implement Secure Network Transmission Of Sensitive Data Details Remediation CWE/OWASP Implement Secure Network Transmission Of Sensitive Data Details Unlike web browsers, ...
  • 6.6 Implement Touch ID Properly

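    Implement Touch ID Properly Details Recommendation References CWE/OWASP Implement Touch ID Properly Details Touch ID is commonly used to let users authenticate to and unlock their devices without entering a passcode. Some developers also use Touch ID to let users authenticate to their app using a stored device fingerprint. When developers implement Touch ID in their apps, they typically do so in one of the following two ways...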
  • 2016 Nov 22

    2016 Nov 22 OWASP OC - Pwning machine Learning (ML) for Fun and Profit philosophers books Upcoming training 2016 Nov 22 OWASP OC - Pwning machine Learning (ML) for Fun an...
  • Sign Android APKs

    Sign Android APKs Details Remediation References CWE/OWASP Sign Android APKs Details APKs should be signed correctly with a non-expired certificate. Remediation Sign ...
  • Implement App Transport Security (ATS)

    Implement App Transport Security (ATS) Details Remediation References CWE/OWASP Implement App Transport Security (ATS) Details New in iOS 9, App Transport Security (ATS) ...
  • Protect Internal Resources

    Protect Internal Resources Details Remediation CWE/OWASP Protect Internal Resources Details Resources for internal use such as administrator login forms frequently leverag...
  • Validate Input From Client

    Validate Input From Client Details Remediation References CWE/OWASP Validate Input From Client Details Even if data is generated from your app, it is possible for thi...
  • 6.4. Use ORM/ODM Libraries to Prevent Query Injection Vulnerabilities

    Preventing database injection vulnerabilities by using ORM/ODM libraries or other DAL packages One Paragraph Explainer Libraries Example - NoSQL query injection Example - SQL in...