Difference between revisions of "Technical Guidance"

From Cybersec Standards
Line 13:

==== Mobile App Security ====
+ * [https://github.com/OWASP/owasp-mstg OWASP Mobile Security Testing Guide (MSTG)]
* [https://github.com/OWASP/owasp-mstg/tree/master/Checklists OWASP Mobile App Security Checklist]
+ * [https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/SecurityDevelopmentChecklists/SecurityDevelopmentChecklists.html Apple Security Development Checklists]

=== UK Information Commissioner’s Office-Recommended Security Controls: ===

==== Data Protection Impact Assessment (DPIA) ====
* [https://gdpr.eu/wp-content/uploads/2019/03/dpia-template-v1.pdf Data Protection Impact Assessment Template]

Revision as of 00:10, 24 July 2020

This is a guide for implementing technical security controls in order to achieve compliance with data protection and privacy laws.

OWASP-Recommended Security Controls:

Access Control

  • If state data must be stored on the client, use encryption and integrity checking on the server side to catch state tampering

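As an added illustration of the client-side state control above (example code, not part of this wiki page or of OWASP's own material), the integrity-checking half in Python: the server serializes the state, appends an HMAC-SHA256 tag under a server-held key, and rejects any token whose tag or expiry does not verify. The key, helper names and field names are assumptions; encryption of the state body (for example with an AEAD) is left out so the block runs with the standard library only.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Constructed server-side secret for this example; load it from a secrets store in practice.
SERVER_KEY = os.urandom(32)


def _canonical(payload: dict) -> bytes:
    # Canonical JSON so identical state always yields identical bytes, hence an identical tag.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_state(state: dict, key: bytes = SERVER_KEY, ttl_seconds: int = 900) -> str:
    """Hand state to the client as <hex body>.<hmac tag>; only the server knows the key."""
    payload = dict(state)
    payload["exp"] = int(time.time()) + ttl_seconds  # bound how long a captured token is usable
    body = _canonical(payload)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag


def verify_state(token: str, key: bytes = SERVER_KEY, now: Optional[float] = None) -> Optional[dict]:
    """Return the state dict if tag and expiry check out; None means tampered, malformed or expired."""
    try:
        body_hex, tag = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag check leaks nothing via timing.
    if not hmac.compare_digest(expected, tag):
        return None
    payload = json.loads(body)
    if payload.get("exp", 0) < (now if now is not None else time.time()):
        return None
    return payload


if __name__ == "__main__":
    token = issue_state({"user": "alice", "role": "user"})
    print(verify_state(token))           # the original state
    print(verify_state(token[:-1] + "0"))  # None: tag altered
```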
Data Integrity

  • Securely implement transaction authorization to protect the transaction integrity

Data Protection

  • Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks

Mobile App Security

  • OWASP Mobile Security Testing Guide (MSTG): https://github.com/OWASP/owasp-mstg
  • OWASP Mobile App Security Checklist: https://github.com/OWASP/owasp-mstg/tree/master/Checklists
  • Apple Security Development Checklists: https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/SecurityDevelopmentChecklists/SecurityDevelopmentChecklists.html

UK Information Commissioner’s Office-Recommended Security Controls:

Data Protection Impact Assessment (DPIA)

  • Data Protection Impact Assessment Template: https://gdpr.eu/wp-content/uploads/2019/03/dpia-template-v1.pdf