- 3.1 Implement Secure Data Storage
- 3.2 Use SECURE Setting For Cookies
- 3.3 Fully validate SSL/TLS
- 3.4 Protect Against SSL Strip
- 3.5 Limit Use of UUID
- 3.6 Treat Geolocation Data Carefully
- 3.7 Institute Local Session Timeout
- 3.8 Implement Enhanced/Two-Factor Authentication
- 3.9 Protect Application Settings
- 3.10 Hide Account Numbers and Use Tokens
- 3.11 Implement Secure Network Transmission Of Sensitive Data
- 3.12 Validate Input From Client
- 3.13 Avoid Storing App Data in Backups