Skip to main content

Code Security Guidelines for Java/Android and iOS

Secure Coding Practices - Quick Reference Guide

The OWASP Java™ and JVM Technology Knowledge Base is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies. The focus of these pages is on guidance for developers and architects using Java frameworks and JVM based technologies for web application development, on OWASP components that use Java and on participation in OWASP projects that use Java and JVM technologies. Moreover, we aim to provide security related guidance for system administrators managing Java and JVM based applications and tools.

The project is not limited to Java. It aims to also address topics around the JVM in general.

Community content is key to security information. The project depends on content from developers throughout the Java and JVM ecosystem.

OWASP Java Homepage
OWASP Java Guidelines (PDF)


IOS Application Security Testing Cheat Sheet

This cheat sheet provides a checklist of tasks to be performed when testing an iOS application.

When assessing a mobile application several areas should be taken into account: client software, the communication channel and the server side infrastructure.

Testing an iOS application usually requires a jailbroken device. (A device that not pose any restrictions on the software that can be installed on it.)

OWASP iOS Cheat Sheet

Comments

Most Favorite Posts

Using Speech with iOS and Android: SiriKit, Voice Capabilities, Google Assistant

SiriKit SiriKit enables your iOS apps and watchOS apps to work with Siri, so users can get things done using just their voice. Your content and services can be used in new scenarios including access from the lock screen and hands-free use. Apps adopt SiriKit by building an extension that communicates with Siri, even when your app isn’t running. The extension registers with specific domains and intents that it can handle. For example, a messaging app would likely register to support the Messages domain, and the intent to send a message. Siri handles all of the user interaction, including the voice and natural language recognition, and works with your extension to get information and handle user requests. Apple Developer Adding Voice Capabilites Voice actions are an important part of the wearable experience. They let users carry out actions hands-free and quickly. Wear provides two types of voice actions: System-provided These voice actions are task-based and are built into ...

Titanium: Releasing Memory

- It’s true that you can’t manually manage your application objects’ reference count in iOS applications. There are, however, things you can do to free up memory – the big ones in the 1.x product are closing windows (which releases all UI resources associated with the window) and setting references to a proxy object (like one returned by Ti.UI.createXXX) to null, which will release the resources associated with that object. Why you should stay away from Titanium

CFPropertyList

The PHP implementation of Apple's PropertyList plist can handle XML PropertyLists as well as binary PropertyLists. It offers functionality to easily convert data between worlds, e.g. recalculating timestamps from unix epoch to apple epoch and vice versa. A feature to automagically create (guess) the plist structure from a normal PHP data structure will help you dump your data to plist in no time. github

Leveraging your iPhone development expertise to build Windows Phone 7 applications

Assuming you are a happy coder, the joy of developing software all comes down to a few things: Building something cool that users will enjoy Getting rewards from users and recognition from peers Learning how to solve new challenges and build novel features. Even if you have a solid expertise on a particular platform/language, I think it is essential to be a “polyglot” developer. In other words, you might have a native or preferred language, but opening your mind to others can be very stimulating and will bring considerable value to your abilities and your resume. Jumping from one platform or language to another can introduce breaking changes in your habits, but ultimately change is very stimulating and will expand your opportunities. If you are a .NET developer, learning Windows Phone development is not really “change.” Instead, it is more of a continuum, where you just add new features to what you already know. If you are an iPhone developer, new to Windows Phone (and .NET), ...

PlistBuddy

If you want to generate a Plist within the shell script: The PlistBuddy command is used to read and modify values inside of a plist. Unless specified by the -c switch, PlistBuddy runs in interactive mode. Apple PlistBuddy ManPage

App Store Optimization (ASO) Factors and Trends 2020... and earlier

New in ASO: Keyword Spy, Keyword Lists, and Search Visibility Level-up your strategy with these new ASO enhancements in our mobile marketing suite: Keyword Spy, Keyword Lists, and Search Visibility. AppAnnie The ASO Factors & Trends for 2018 study is based on survey data from over 60 ASO and app marketing professionals who were asked to evaluate the effect of different on-metadata and off-metadata factors on Search Rankings and Conversion Rate of mobile apps and games. The TOP 5 factors responsible for ASO on Google Play Store and Apple App Store (on both Search and Conversion Rate level) are nearly identical: App Name / Title Localized product page User Ratings Subtitle / Short Description User reviews TheTool Another nice blog about ASO: Important Tips on Writing An App Description The Apple App Store Optimization Guide 5 Tips on How to Increase App Downloads Keywords Optimization ... MobileAction