Kotlin SCP

Kotlin Secure Coding Practices is a guide written for anyone using Kotlin for mobile development.


Introduction

Kotlin Guide - Mobile Application Secure Coding Practices, is a guide written
for anyone using Kotlin for mobile development.

This guide is a collaborative effort started by the Checkmarx Security Research
Team, open sourced for community contributions. Its structure follows the
OWASP Mobile Top 10 2016 and is intended to help developers avoid common mistakes.

Kotlin is a statically typed programming language for modern multiplatform
applications, 100% interoperable with Java™ and Android™, primarily developed
by the team at JetBrains. It is now fully supported by Google as an
alternative to the standard Android Java compiler.

Why This Guide

Since May 7th 2019, Kotlin has been Google’s preferred language for Android app
development, so it is important for developers to familiarize themselves with
this new language.

The Checkmarx Research Team helps educate developers, security teams, and the
industry overall about common coding errors, and raises awareness of
vulnerabilities that are often introduced during the software development
process.

The Audience for this Guide

The primary audience of this guide is Android developers. It can also
be used by penetration testers to learn how to identify well-known
vulnerabilities in Kotlin applications.

What You Will Learn

The authors of this guide mapped the OWASP Mobile Top 10 security weaknesses to
Kotlin on a weakness-by-weakness basis while providing examples,
recommendations, and fixes to help developers avoid common mistakes and
pitfalls. After reading this guide and referring to it often, you will learn how
to ensure you are developing secure mobile apps using Kotlin.

About Checkmarx

Checkmarx is the global leader in software security solutions for modern
enterprise software development. Checkmarx delivers the industry’s most
comprehensive Software Security Platform that unifies with DevOps and provides
static and interactive application security testing, software composition
analysis and developer AppSec awareness and training programs to reduce and
remediate risk from software vulnerabilities. Checkmarx is trusted by more than
40 percent of the Fortune 100 and half of the Fortune 50, including leading
organizations such as SAP, Samsung and Salesforce.com. Learn more at
www.checkmarx.com.

About OWASP Mobile Security Project

The OWASP Mobile Security Practices is a centralized resource intended to
give developers and security teams the resources they need to build and maintain
secure mobile applications.

The Mobile Top 10 2016 is the last edition of the top 10 most common mobile
security weaknesses.

OWASP itself is “an open community dedicated to enabling organizations to
conceive, develop, acquire, operate, and maintain applications that can be
trusted. All of the OWASP tools, documents, forums, and chapters are free and
open to anyone interested in improving application security”.

How to Contribute

To learn how to contribute, please refer to the How-to Contribute section.

License

This document is released under the Creative Commons Attribution-ShareAlike 4.0
International license (CC BY-SA 4.0). For any reuse or distribution, you must
make clear to others the license terms of this work:
https://creativecommons.org/licenses/by-sa/4.0/.