Mobile App Security Essentials
Cross-Site Scripting (XSS)
Occurs when attackers inject client-side scripts into web views. Mitigate by disabling JavaScript execution or sanitizing input in web views.
Insecure Third-Party Libraries
When third-party libraries contain vulnerabilities. Use reputable libraries, keep them updated, and review third-party code for security issues.
Spyware
Software that collects information without user consent. Mitigation includes installing reputable security software and keeping the operating system up-to-date.
Improper Session Handling
Happens when session tokens are not properly protected. Mitigate by using secure token generation, storage, and expiration strategies.
Code Injection
Happens through injection of code that is then executed by the application. Mitigate by using safe APIs and avoiding the interpreter altogether if possible.
Smishing (SMS Phishing)
A form of phishing conducted via SMS messages. Mitigation involves educating users about the risks of unsolicited SMS links and verifying the source of SMS messages.
Weak Server-Side Controls
Occurs when the server-side application is not secure. Mitigate by having strong server security practices and regular security testing.
Security Misconfiguration
Occurs due to default, incomplete, or misconfigured security settings. Mitigate by regularly updating and auditing app settings and frameworks.
Security Decisions Via Untrusted Inputs
Occurs when unvalidated input affects security decisions. Mitigate by never trusting external input and using server-side validation.
Denial of Service (DoS)
Attacks that make a service unavailable to legitimate users. Mitigate by using DoS protection services and thorough traffic monitoring.
Clickjacking
Occurs when users are tricked into clicking something different from what they perceive. Prevent by using frame-busting scripts and implementing strict cross-origin policies.
Broken Cryptography
Happens when encryption/decryption is implemented incorrectly. Avoid by using the platform's native APIs and updated encryption algorithms.
Local Authentication Bypass
Occurs when local device authentication is circumvented. Strengthen by implementing biometric authentication and ensuring fallback methods are secure.
Improper Platform Usage
Occurs when an app doesn't follow platform guidelines for the use of features and security mechanisms. Follow platform best practices and use platform-specific features for security.
Cleartext Traffic
Occurs when an app transmits or receives unencrypted data over the network. Enable network security configurations to prevent it.
Social Engineering
Attackers manipulate individuals into breaking security procedures. Train users in security awareness and implement stringent protocols for identity verification.
Zero-Day Exploits
Exploits for vulnerabilities unknown to the software developer. Minimize risk by keeping software up-to-date and using intrusion detection systems.
Phishing
Attackers deceive users to steal sensitive information. Educate users to recognize phishing attempts and implement anti-phishing technologies.
Sensitive Data Exposure
Data exposed through a lack of access controls or encryption. Protect by applying encryption and limiting access by app users and developers.
Missing Function Level Access Control
Happens when functions are accessible without proper security checks. Ensure all functions validate the user's permissions before execution.
Sensitive Information Disclosure in Logs
Happens when sensitive data is written to logs. Ensure logs are sanitized and that sensitive data is never written to logs.
Lack of Binary Protections
When an app is released without protections against binary attacks. Include runtime detection, code signing, and checksum validations.
Man-in-the-Middle (MitM)
Occurs when attackers intercept communications. Use encryption and secured connections to mitigate.
Data Tampering
Occurs when unauthorized users modify data. Prevent by using checksums and digital signatures, and by maintaining access controls.
Reverse Engineering
Attackers decompile apps to find vulnerabilities. Mitigate by using code obfuscation, minification, and native code when possible.
Side Channel Attacks
Happen when attackers gain information from the physical implementation of a system. Mitigate by masking operations and timing, and by injecting noise.
Device Rooting/Jailbreaking
Refers to gaining elevated access to a device's OS. Mitigate by detecting rooted/jailbroken devices and limiting app functionality or denying access.
Insufficient Transport Layer Protection
Happens when data is intercepted during transit due to poor encryption. Use SSL/TLS protocols to secure data in transit and validate all SSL certificates.
Unintended Data Leakage
Occurs when sensitive information is leaked through system logs, clipboard, or other unintended channels. Avoid logging sensitive info, and monitor and control inter-app communication.
Poor Authentication and Authorization
When an app fails to correctly verify the identity of a user. Strengthen by implementing multi-factor authentication and using OAuth or similar protocols.
Client-Side Injection
Occurs when untrusted data is injected into the app. Mitigate by validating and sanitizing all user inputs, and using parameterized queries.
Excessive Permissions
Occurs when apps request more permissions than necessary, exposing them to unnecessary risk. Apply the principle of least privilege and request only the permissions that are needed.
Insecure Data Storage
Occurs when sensitive data is stored unencrypted on a mobile device. Mitigate by encrypting sensitive data, using secure containers, and following best practices for data storage.
Insecure Direct Object References
Occurs when internal implementation objects are exposed to users. Mitigate by using access control checks and avoiding exposing internal references to users.
Memory Corruption
Happens when the state of memory is altered in unintended ways. Use safe programming practices and security-focused compilers.
© Hypatia.Tech. 2024 All rights reserved.