Skip to main content

Code Security Guidelines for Java/Android and iOS

Secure Coding Practices - Quick Reference Guide

The OWASP Java™ and JVM Technology Knowledge Base is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies. The focus of these pages is on guidance for developers and architects using Java frameworks and JVM based technologies for web application development, on OWASP components that use Java and on participation in OWASP projects that use Java and JVM technologies. Moreover, we aim to provide security related guidance for system administrators managing Java and JVM based applications and tools.

The project is not limited to Java. It aims to also address topics around the JVM in general.

Community content is key to security information. The project depends on content from developers throughout the Java and JVM ecosystem.

OWASP Java Homepage
OWASP Java Guidelines (PDF)


IOS Application Security Testing Cheat Sheet

This cheat sheet provides a checklist of tasks to be performed when testing an iOS application.

When assessing a mobile application several areas should be taken into account: client software, the communication channel and the server side infrastructure.

Testing an iOS application usually requires a jailbroken device. (A device that not pose any restrictions on the software that can be installed on it.)

OWASP iOS Cheat Sheet

Comments

Popular posts from this blog

Pattern: Riblets vs. VIPER

Engineering the architecture behind Uber's new rider app

Not being held back by our extensive codebase and previous design choices gave us the freedom where we otherwise would have made compromises. The outcome is the sleek new app you see today, which implements a new mobile architecture across both iOS and Android. Read on to learn why we felt the need to create this new architecture pattern, called Riblets, and how it helps us reach our goals.

The platforms share:

Core architectureClass namesInheritance relationships between business logic unitsHow business logic is dividedPlugin points (names, existence, structure, etc.)Reactive programming chainsUnified platform components
Each Riblet is made up of one Router, Interactor, and Builder with its Component (hence the name), and optional Presenters and Views. The Router and Interactor handle the business logic, while the Presenter and View handle the view logic.

Uber

Stetho - A Chrome debug bridge for Android applications

Stetho is a sophisticated debug bridge for Android applications. When enabled, developers have access to the Chrome Developer Tools feature natively part of the Chrome desktop browser. Developers can also choose to enable the optional dumpapp tool which offers a powerful command-line interface to application internals.

Facebook Github

WireMock

WireMock is a flexible library for stubbing and mocking web services. Unlike general purpose mocking tools it works by creating an actual HTTP server that your code under test can connect to as it would a real web service.

It supports HTTP response stubbing, request verification, proxy/intercept, record/playback of stubs and fault injection, and can be used from within a unit test or deployed into a test environment.

Although it’s written in Java, there’s also a JSON API so you can use it with pretty much any language out there.

WireMock.org