Web App Security

1. Department for Digital, Culture, Media & Sport (DCMS)

1.1. Code of practice for app store operators and app developers

1.1.1. 1. Ensure only apps that meet the code’s security and privacy baseline requirements are allowed on the app store

2. Open Web Application Security Project (OWASP)

2.1. Mobile Application Security Verification Standard (MASVS)

2.1.1. 4.12 MSTG-AUTH-12

2.2. Application Security Verification Standard 4.0.3 (ASVS)

2.2.1. V1.12 Secure File Upload Architecture

2.2.2. V9.2 Server Communication Security

2.2.3. V12.5 File Download

2.2.4. V12.6 SSRF Protection

2.2.5. V13.2 RESTful Web Service

2.2.6. V13.3 SOAP Web Service

2.2.7. V13.4 GraphQL

2.2.8. V14.1 Build and Deploy

2.2.9. V14.2 Dependency

2.2.10. V14.3 Unintended Security Disclosure

2.2.11. V14.4 HTTP Security Headers

2.2.12. V14.5 HTTP Request Header Validation