owasp-mobile-security
Install: claude install-skill izo/Ulk
# OWASP Mobile Security Checker
Comprehensive security analysis for Flutter and mobile applications based on OWASP Mobile Top 10 (2024).
## Automated Scanners
Four Python scanners cover the most automatable risk categories. Replace `<skill-dir>` with the skill's install path (e.g. `~/.claude/skills/owasp-mobile-security-checker`):
### M1 — Hardcoded Secrets
```bash
python3 <skill-dir>/scripts/scan_hardcoded_secrets.py /path/to/project
```
Detects API keys, tokens, passwords, AWS credentials, and Firebase keys in Dart code and config files.
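As an added illustration of the kind of check the M1 scanner performs (this is example code written for this page, not the skill's own `scan_hardcoded_secrets.py`), the following detector matches well-known key shapes and sensitive-looking assignments in Dart and config text. The pattern set, the placeholder filter and the sample Dart source are assumptions constructed for the example.

```python
"""Added example (not the skill's own scan_hardcoded_secrets.py): a minimal
hardcoded-secret detector for Dart and config text. The pattern set and the
placeholder filter are assumptions chosen for illustration."""
import re
import sys
from pathlib import Path
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    kind: str
    snippet: str


# Illustrative patterns: a well-known key shape (AWS access key id, Google API
# key prefix) or a sensitive-looking identifier assigned a quoted literal.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "generic_assignment": re.compile(
        r"""(?i)\b(api[_-]?key|secret|token|password)\s*[:=]\s*['"]([^'"]{8,})['"]"""
    ),
}
# Values that look like templates rather than real credentials are skipped.
PLACEHOLDER = re.compile(r"(?i)(your[_-]?|<|\$\{|changeme)")


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per (line, pattern) hit; comment-only lines are skipped."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("//") or stripped.startswith("#"):
            continue
        for kind, pattern in SECRET_PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            # The generic pattern captures the value in its last group; the
            # key-shape patterns have no groups, so the whole match is the value.
            value = match.group(match.lastindex) if match.lastindex else match.group(0)
            if PLACEHOLDER.search(value):
                continue
            findings.append(Finding(line_no, kind, stripped))
    return findings


def scan_project(root: str, suffixes=(".dart", ".yaml", ".json")) -> dict:
    """Walk a project directory and map each file path to its findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and (path.suffix in suffixes or path.name == ".env"):
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample Dart source (not from any real project).
SAMPLE_DART = """\
// constructed sample, not a real project
const apiKey = "sk_live_0123456789abcdef";   // flagged: sensitive name, literal value
const awsAccessKey = "AKIAABCDEFGHIJKLMNOP";  // flagged: AWS access key id shape
const token = "<YOUR_TOKEN_HERE>";           // skipped: placeholder value
// const password = "commented-out-secret";  // skipped: comment-only line
final baseUrl = "https://api.example.com";
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for file, hits in scan_project(sys.argv[1]).items():
            for f in hits:
                print(f"{file}:{f.line_no}: {f.kind}: {f.snippet}")
    else:
        for f in scan_text(SAMPLE_DART):
            print(f"sample:{f.line_no}: {f.kind}: {f.snippet}")
```

Run it with a project path to walk the tree, or with no arguments to scan the embedded sample; on the sample it reports the two literal credentials and stays quiet on the placeholder and the commented-out line.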
### M2 — Dependency Vulnerabilities
```bash
python3 <skill-dir>/scripts/check_dependencies.py /path/to/project
```
Analyzes `pubspec.yaml` for outdated packages, `any` version constraints, and known CVEs.
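The constraint checks the M2 scanner describes can be shown with a small standard-library script; this is an added example for this page, not the skill's own `check_dependencies.py`. It flags `any` constraints, missing constraints, lower-bound-only constraints and git dependencies without a pinned `ref`; the sample `pubspec.yaml`, the issue categories and the line-based parser are assumptions, and the CVE lookup the scanner also performs is not reproduced here.

```python
"""Added example (not the skill's own check_dependencies.py): a dependency-
constraint check for pubspec.yaml using only the standard library. The
constructed sample and the issue categories are assumptions for illustration."""
import re
import sys
from typing import NamedTuple


class DepFinding(NamedTuple):
    section: str
    package: str
    issue: str


SECTIONS = ("dependencies", "dev_dependencies")
# A lower bound with no upper bound, e.g. ">=1.0.0" (pub accepts any later major).
OPEN_ENDED = re.compile(r"^>=?\s*[\w.+-]+$")


def parse_dependency_sections(text: str) -> dict:
    """Line-based parse of the two dependency sections.

    Returns {section: {package: constraint}} where constraint is the version
    string, None when no value was given, or a flat dict of nested keys for
    git/path/sdk dependencies. Enough for pubspec's usual shape; not a full
    YAML parser.
    """
    result: dict = {}
    section = None
    package = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        if indent == 0:
            section = key if key in SECTIONS else None
            package = None
            if section:
                result[section] = {}
        elif section is None:
            continue
        elif indent == 2:
            package = key
            result[section][package] = value or None
        elif package is not None:
            nested = result[section][package]
            if not isinstance(nested, dict):
                nested = {}
                result[section][package] = nested
            nested[key] = value
    return result


def check_pubspec(text: str) -> list[DepFinding]:
    """Classify each dependency's constraint and return the weak ones."""
    findings = []
    for section, deps in parse_dependency_sections(text).items():
        for package, constraint in deps.items():
            if constraint is None:
                findings.append(DepFinding(section, package, "no version constraint (resolves like 'any')"))
            elif isinstance(constraint, dict):
                if "git" in constraint and "ref" not in constraint:
                    findings.append(DepFinding(section, package, "git dependency without a pinned ref"))
            elif constraint == "any":
                findings.append(DepFinding(section, package, "'any' version constraint"))
            elif OPEN_ENDED.match(constraint):
                findings.append(DepFinding(section, package, "lower bound only, no upper bound"))
    return findings


# Constructed sample pubspec.yaml (not from any real project).
SAMPLE_PUBSPEC = """\
name: demo_app
environment:
  sdk: ">=3.0.0 <4.0.0"
dependencies:
  flutter:
    sdk: flutter
  http: ^1.2.0
  shared_preferences: any
  crypto:
  some_fork:
    git:
      url: https://example.invalid/org/some_fork.git
  pinned_fork:
    git:
      url: https://example.invalid/org/pinned_fork.git
      ref: v1.0.0
  open_ended: ">=1.0.0"
dev_dependencies:
  flutter_test:
    sdk: flutter
  lints: any
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PUBSPEC
    for f in check_pubspec(text):
        print(f"{f.section}/{f.package}: {f.issue}")
```

Pass a `pubspec.yaml` path to check a real project; with no arguments the script runs over the embedded sample and reports five weak constraints while leaving the caret-pinned `http` and the `ref`-pinned fork alone.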
### M5 — Network Security
```bash
python3 <skill-dir>/scripts/check_network_security.py /path/to/project
```
Checks HTTP vs HTTPS usage, certificate pinning, Android Network Security Config, and iOS ATS settings.
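To make the M5 checks concrete, here is an added example (written for this page, not the skill's own `check_network_security.py`) that inspects the three artifacts named above: `http://` literals in Dart, an Android `network_security_config.xml` for cleartext permissions, user-CA trust and a missing `<pin-set>`, and an iOS `Info.plist` for ATS exceptions. The samples are constructed, and the local-address allow-list and the finding texts are assumptions.

```python
"""Added example (not the skill's own check_network_security.py): three
network-transport checks from the M5 list, using only the standard library.
Samples are constructed; the local-address allow-list and finding texts are
assumptions chosen for illustration."""
import plistlib
import re
import xml.etree.ElementTree as ET
from typing import NamedTuple


class NetFinding(NamedTuple):
    source: str
    issue: str


# A quoted http:// literal, ignoring addresses that only reach the developer's
# own machine or the Android emulator host.
HTTP_URL = re.compile(r"""['"](http://(?!localhost|127\.0\.0\.1|10\.0\.2\.2)[^'"\s]+)""")


def check_dart_urls(dart_source: str) -> list[NetFinding]:
    """Flag cleartext URL literals in Dart code."""
    findings = []
    for n, line in enumerate(dart_source.splitlines(), start=1):
        if line.strip().startswith("//"):
            continue
        for m in HTTP_URL.finditer(line):
            findings.append(NetFinding(f"dart:{n}", f"cleartext URL {m.group(1)}"))
    return findings


def check_android_nsc(xml_text: str) -> list[NetFinding]:
    """Inspect an Android Network Security Config for cleartext permissions,
    user-CA trust in the base config and the absence of certificate pinning."""
    findings = []
    root = ET.fromstring(xml_text)
    for cfg in root.iter():
        if cfg.tag not in ("base-config", "domain-config"):
            continue
        if cfg.get("cleartextTrafficPermitted", "").lower() == "true":
            domains = ", ".join(d.text or "" for d in cfg.findall("domain"))
            scope = f" for {domains}" if domains else ""
            findings.append(NetFinding("android", f"{cfg.tag} permits cleartext{scope}"))
        anchors = cfg.find("trust-anchors")
        if cfg.tag == "base-config" and anchors is not None:
            if any(c.get("src") == "user" for c in anchors.findall("certificates")):
                findings.append(NetFinding("android", "base-config trusts user-installed CAs"))
    if root.find(".//pin-set") is None:
        findings.append(NetFinding("android", "no <pin-set>: certificate pinning not configured"))
    return findings


def check_ios_ats(plist_bytes: bytes) -> list[NetFinding]:
    """Inspect Info.plist App Transport Security settings."""
    findings = []
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append(NetFinding("ios", "NSAllowsArbitraryLoads is true: ATS disabled app-wide"))
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(NetFinding("ios", f"insecure HTTP allowed for {domain}"))
    return findings


# Constructed samples (not from any real project).
SAMPLE_DART = """\
final api = Uri.parse("http://api.example.invalid/v1");   // flagged: cleartext
final dev = Uri.parse("http://10.0.2.2:8080");            // skipped: emulator host address
final ok = Uri.parse("https://api.example.invalid/v1");
"""
SAMPLE_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.invalid</domain>
  </domain-config>
</network-security-config>
"""
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example.invalid</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""

if __name__ == "__main__":
    for f in check_dart_urls(SAMPLE_DART) + check_android_nsc(SAMPLE_NSC) + check_ios_ats(SAMPLE_PLIST):
        print(f"{f.source}: {f.issue}")
```

Each checker takes the file content rather than a path, so the same functions can be pointed at `lib/**/*.dart`, `android/app/src/main/res/xml/network_security_config.xml` and `ios/Runner/Info.plist` of a real project by reading those files first.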
### M9 — Insecure Storage
```bash
python3 <skill-dir>/scripts/analyze_storage_security.py /path/to/project
```
Identifies unencrypted SharedPreferences, plaintext file storage, unencrypted databases, and insecure backup configurations.
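As an added example of the M9 heuristics (written for this page, not the skill's own `analyze_storage_security.py`), the script below flags `SharedPreferences` writes whose key names suggest secrets, plaintext `File(...).writeAsString` calls, and an `AndroidManifest.xml` that leaves `android:allowBackup` enabled. The key-name list, the write patterns and both samples are assumptions constructed for the example.

```python
"""Added example (not the skill's own analyze_storage_security.py): insecure-
storage heuristics from the M9 list. The key-name list, the write patterns and
the constructed samples are assumptions for illustration."""
import re
import xml.etree.ElementTree as ET
from typing import NamedTuple


class StorageFinding(NamedTuple):
    source: str
    issue: str


ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Key names that usually hold secrets or session state.
SENSITIVE_KEY = re.compile(r"(?i)(token|password|passwd|secret|session|auth|jwt)")
# prefs.setString('key', ...) style writes; SharedPreferences stores plaintext XML.
PREFS_WRITE = re.compile(r"""\.set(?:String|Int|Bool|Double|StringList)\(\s*['"]([^'"]+)['"]""")
# File(...).writeAsString(...) with no encryption call on the same line.
PLAINTEXT_FILE = re.compile(r"File\([^)]*\)\s*\.writeAsString")


def check_dart_storage(dart_source: str) -> list[StorageFinding]:
    """Flag sensitive SharedPreferences keys and plaintext file writes."""
    findings = []
    for n, line in enumerate(dart_source.splitlines(), start=1):
        if line.strip().startswith("//"):
            continue
        m = PREFS_WRITE.search(line)
        if m and SENSITIVE_KEY.search(m.group(1)):
            findings.append(StorageFinding(
                f"dart:{n}", f"sensitive key '{m.group(1)}' written to SharedPreferences in plaintext"))
        if PLAINTEXT_FILE.search(line) and "encrypt" not in line.lower():
            findings.append(StorageFinding(
                f"dart:{n}", "plaintext file write (writeAsString) with no encryption on the line"))
    return findings


def check_android_manifest(xml_text: str) -> list[StorageFinding]:
    """allowBackup defaults to true, so app data ends up in device backups
    unless the manifest turns it off."""
    findings = []
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return findings
    allow_backup = app.get(f"{{{ANDROID_NS}}}allowBackup", "true")
    if allow_backup.lower() == "true":
        findings.append(StorageFinding(
            "manifest", "android:allowBackup is true (or unset): app data is included in backups"))
    return findings


# Constructed samples (not from any real project).
SAMPLE_DART = """\
final prefs = await SharedPreferences.getInstance();
await prefs.setString('auth_token', token);        // flagged: sensitive key, plaintext on disk
await prefs.setBool('onboarding_done', true);      // skipped: harmless preference
await File('${dir.path}/session.json').writeAsString(jsonEncode(session));  // flagged
"""
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <application android:label="demo" android:allowBackup="true">
  </application>
</manifest>
"""

if __name__ == "__main__":
    for f in check_dart_storage(SAMPLE_DART) + check_android_manifest(SAMPLE_MANIFEST):
        print(f"{f.source}: {f.issue}")
```

The manifest check reads the namespaced attribute, so it works on a real `android/app/src/main/AndroidManifest.xml` as well as the sample; a project that sets `android:allowBackup="false"` produces no manifest finding.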
## Manual Analysis
M3, M4, M6, M7, M8, and M10 require code review. See `references/owasp_mobile_top_10_2024.md` for Flutter-specific vulnerability patterns, attack flows, and remediation for each category.
## Workflow
```text
Is this a comprehensive audit?
├─ YES → Run all 4 scan