OWASP Web Services Cheat Sheet

Although there isn’t an OWASP Web Services Top 10, there is an OWASP Web Service Security Cheat Sheet that can help you come to grips with where to start in securing your web services. We’ve looked at OWASP in previous chapters and, again, it stands for Open Web Application Security Project. It is one of the main industry standards for secure coding practices.

The OWASP standards are described in the following sections.

1. Transport Confidentiality

All communication should use SSL to prevent man-in-the-middle attacks.

2. Server Authentication

Android apps should not ignore any SSL cert errors. The web server should use an SSL cert from a recognized Certificate Authority (CA).
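The two rules above in code, as an added example that is not from the book: the trust-all `X509TrustManager` is what "ignoring SSL cert errors" looks like, shown beside a fetch that keeps the platform's default certificate and hostname checks and fails closed. The class name, method names, and timeout values are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509TrustManager;

public class ServerAuthExample {  // hypothetical class name

    // ANTI-PATTERN: every check is a no-op, so any certificate is accepted
    // and a man-in-the-middle goes unnoticed. Never install this.
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // Hardened form: keep the default trust manager and hostname verifier,
    // refuse non-HTTPS URLs, and fail closed on any TLS error.
    static byte[] fetch(String endpoint) throws IOException {
        URL url = new URL(endpoint);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IOException("Refusing non-HTTPS endpoint: " + endpoint);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setConnectTimeout(10_000);  // assumed timeout values
        conn.setReadTimeout(10_000);
        try (InputStream in = conn.getInputStream()) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[4096];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            return out.toByteArray();
        } catch (SSLException e) {
            // Untrusted CA, expired cert, or hostname mismatch: no retry, no downgrade.
            throw new IOException("Server authentication failed", e);
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) { System.err.println("usage: ServerAuthExample <https-url>"); return; }
        System.out.println("Read " + fetch(args[0]).length + " bytes over verified TLS");
    }
}
```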

3. User Authentication

Do ...

Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
