ENISA Smartphone Secure Development Guidelines

I just stumbled across this document recently published by the European Network and Information Security Agency (ENISA). It’s part of their smartphone security initiative which we’ve already mentioned in this post.

Here’s an excerpt from the introduction:

“This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work program 2011. It is written for developers of smartphone apps as a guide to developing secure apps. It may however also be of interest to project managers of smartphone development projects.

In writing the top 10 controls, we considered the top 10 most important risks for mobile users as described in (1) and (2). As a follow-up we are working on platform-specific guidance and code samples. We hope that these controls provide some simple rules to eliminate the most common vulnerabilities from your code.”

After a first look at the document’s content I can state, while not being a developer myself, that there’s a lot of valuable guidance in it. This is particularly useful as our assessment experience shows that quite a few things (examples to be discussed in this upcoming talk at Troopers) can go wrong when it comes to application security on smartphones.

have a good one



