The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security. The OWASP Top 10 represents a broad consensus on the most critical web application security flaws. The errors on this list occur frequently in web applications, are often easy to find, and are easy to exploit. Because an app can exhibit security problems in multiple ways, and because there is a variety of security vulnerabilities, a standard is needed. AppTrusty follows the OWASP Top 10 Mobile standard to find security loopholes and vulnerabilities in a mobile application.
This applies to Google Android, Apple iOS and Microsoft Windows apps. In a nutshell, AppTrusty tests an application for the DAR (Data-At-Rest) and DIT (Data-In-Transit) categories of security vulnerabilities. Following the OWASP standard ensures accurate and elaborate risk detection and risk management of the app being tested.
OWASP Top 10 Standard 2014:
M1: Weak Server Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M7: Client Side Injection
M8: Security Decisions Via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections