Under active development — Content is continuously updated and improved

Home / Risk Lists / OWASP Mobile Top 10

OWASP Mobile Top 10 v2024

The OWASP Mobile Top 10 represents the most critical security risks to mobile applications

This is a reference tool, not an authoritative source. For official documentation, visit owasp.org.

10 risks

Authentication — Risks related to authentication

M3Insecure Authentication/Authorization

Binary Protection — Risks related to binary protection

M7Insufficient Binary Protections

Communication — Risks related to communication

M5Insecure Communication

Configuration — Risks related to configuration

M8Security Misconfiguration

Credential Management — Risks related to credential management

M1Improper Credential Usage

Cryptography — Risks related to cryptography

M10Insufficient Cryptography

Data Storage — Risks related to data storage

M9Insecure Data Storage

Input Validation — Risks related to input validation

M4Insufficient Input/Output Validation

Privacy — Risks related to privacy

M6Inadequate Privacy Controls

Supply Chain — Risks related to supply chain

M2Inadequate Supply Chain Security