Avenu Development Guidelines

Guidelines for application integration development

As part of the client onboarding process, Avenu has created a set of guidelines
for mobile application development. This guide is designed to assist developers
with creating a secure, compliant application.

As a general rule of thumb, following the OWASP MAS Checklist is a great start.
We’ve listed a few of the specific guidelines below, and highlighted the critical
areas.

● Ensure application code is secured. Make sure that code is not in a public
repository and that only authorized developers can access it through proper
authentication and authorization.

● Multi-factor authentication is required before the application can go into
production.

● Implement strong authentication and authorization for the application.

● Ensure secure communication is implemented. Use HTTPS, SSL,
end-to-end encryption, VPN, and TLS to secure data in transit.

● Ensure application data protection is in place. PII/PCI information must be
encrypted.

● Perform penetration testing.

● Implement a strong SDLC plan for patches and a roadmap for features.

● Do not include API keys or other secrets in the mobile application. Instead,
we recommend retrieving them dynamically from your application’s back
end.

● Mobile apps or client applications need to use a backend server to talk to
the Avenu API, so that direct calls from mobile apps to Avenu APIs are
restricted.
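
The last two guidelines, sketched as a backend relay. This is an added example, not Avenu's code: the upstream host, header format, route names, environment variable names and session-token format are all assumed placeholders. The app authenticates to the backend, and only the backend attaches the API key.

```python
import hashlib
import hmac
import os
import urllib.request

# Assumptions, not taken from the Avenu guide: the upstream host, the
# bearer-style Authorization header, the route names, the environment
# variable names and the session-token format are placeholders.
UPSTREAM_BASE = "https://avenu-api.example.invalid"
ALLOWED_ROUTES = {("GET", "/v1/balance"), ("POST", "/v1/payments")}


def issue_session(user_id: str, signing_key: bytes) -> str:
    """Token the backend hands to the app after login (expiry omitted for brevity)."""
    mac = hmac.new(signing_key, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"


def session_ok(token: str, signing_key: bytes) -> bool:
    """Verify a token from issue_session() in constant time."""
    user_id, _, mac = token.rpartition(".")
    if not user_id:
        return False
    expected = issue_session(user_id, signing_key).rpartition(".")[2]
    return hmac.compare_digest(mac.encode(), expected.encode())


def build_upstream_request(method, path, body, token, env=os.environ):
    """Return the server-side request, or raise PermissionError."""
    if not session_ok(token, env["SESSION_SIGNING_KEY"].encode()):
        raise PermissionError("invalid session")
    # Relay only routes the app needs; everything else stays unreachable.
    if (method, path) not in ALLOWED_ROUTES:
        raise PermissionError("route not relayed")
    req = urllib.request.Request(UPSTREAM_BASE + path, data=body, method=method)
    # The key lives only in the server environment and is attached here.
    req.add_header("Authorization", "Bearer " + env["AVENU_API_KEY"])
    return req
```

The mobile app only ever holds the session token, so extracting strings from the app package yields no API key, and revoking a session does not require rotating the key.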