/appsec-risk-assessment-guide

Contains documentation (guides, resources, links, etc.) to accompany the formal application security risk assessment.

  1. Scoping

  2. Authentication

  3. Session Management

  4. Authorisation and Access Control

  5. Web and API Functionality

  6. Input Checking (untrusted input)

  7. File and Resource Management

  8. Malicious Code and Vulnerabilities

  9. Cryptography (Data at rest)

  10. Data in Transit / Network Communications

  11. Data Protection and PII

  12. Logging and Error Handling

  13. Business Logic (DoS and Resiliency)

  14. Configuration Management and Hardening

  15. Cloud Services

  16. Android Development

  17. iOS Development