I have been working on Security for SAP's Mobile Applications for a few years now with internal developers, and the biggest challenge still seems to be communicating secure development methodologies in a world where the underlying infrastructure changes every few weeks, development paradigms evolve, and innovation happens rapidly in the application and platform spaces.
I can only imagine how tough it must be for developers outside of SAP to keep up with that change, and I think we need to do a better job helping them. The topic came up in the context of partner app certification, and the colleagues from the Integration & Certification Center have created a document with guidelines for partners that is supposed to outline the major security measures we would like to see addressed in mobile applications:
I'm linking to this here also as a request for comments & improvements. I would like to use this blog as a landing page for Mobile Security information for developers; I'll try to curate the links here by technology.
Feel free to point me to content that you think is relevant and should be included here.
Generic Mobile Security Links
SAP Mobile Platform
- Getting Started with Kapsel - Appendix D -- Security
- Getting Started with Kapsel - Part 8 -- AuthProxy
- Work Manager Security (points to Sybase documentation page)
SAP Mobile Secure & Afaria