The same Web security rules apply regardless of the client being used. The good news is that exploitation via phone is not quite as easy or convenient. The bad news is that the mobile-centric pages are still accessible to everyone on the Web. The best recommendation is to find and fix the flaws in your existing code before you port it over to the mobile world. For those who've already gone mobile, be sure to include the mobile code in your security testing. Even though it may look the same, there could be some nuances that lead to security flaws.
Here are some articles I can recommend for testing rich internet applications, Web 2.0 and other online security concerns: