I\'m starting to introduce mobile web apps to my company but my not-so-techie bo
ID: 650671 • Letter: I
Question
I'm starting to introduce mobile web apps to my company but my not-so-techie boss is worried about web security issues on mobile devices.
I'm new in the mobile world but as a web developer I know the basics about web security (like the best practices listed in OWASP) but I don't know if there's anything else that could make my mobile web app vulnerable specifically for mobile web browsers.
Also, I need an internet article readable from not-so-techie bosses that could help me convince him how secure our mobile web app could be if I apply the common web security best practices.
Can you help me with this?
PS. I'm using Java as my backend and jQuery Mobile as my frontend.
Explanation / Answer
For blog posts, Google Online Security is perhaps a good place to start (link at the bottom). Also check out "Krebs On Security" - he's a journalist, not technical, so his standard of writing is excellent.
As I'm sure you know, being good at web security -mostly- lies in stuff like protecting against the basics and there is no substitute for having your software regularly audited and pen-tested by professionals. Preparing a rough and ready cost-benefit analysis for your boss might be useful in getting sign-off.