🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney.

OWASP Mobile Top 10 · 2024 edition

OWASP Mobile Top 10 Challenges

Cover the OWASP Mobile Top 10 (2024) with hands-on Android and iOS challenges. Developers fix real vulnerabilities in real mobile apps — and build the habits that keep your releases off the incident report.

Capability, not checkbox compliance

Hands-On Challenges for Every Category

The OWASP Mobile Top 10 (2024) is the benchmark for mobile application security. Every challenge below is a real Android or iOS app with a real vulnerability: developers fix it without breaking functionality, and every verified fix becomes reportable evidence of mobile security capability.

M4:2024

Insufficient Input/Output Validation

Untrusted data from intents, deep links and IPC processed without validation.

M7:2024

Insufficient Binary Protections

Apps shipped without obfuscation or integrity protections, making reverse engineering trivial.

Roll it out

Turn the Standard Into a Training Program

Assign these challenges to your team as learning pathways, track verified fixes, and report OWASP Mobile Top 10 coverage to auditors, customers and the board — with evidence, not attendance sheets.