V5: Network Communication Requirements
The purpose of the controls listed in this section is to ensure the confidentiality and integrity of information exchanged between the mobile app and remote service endpoints. At the very least, a mobile app must set up a secure, encrypted channel for network communication using the TLS protocol with appropriate settings. Level 2 lists additional defense-in-depth measure such as SSL pinning.
The OWASP Mobile Security Testing Guide provides detailed instructions for verifying the requirements listed in this section.
For more information, see also: