Avenu Development Guidelines
Guidelines for application integration development
As part of the client onboarding process Avenu has created a set of guidelines
for mobile application development. This guide is designed to assist developers
with creating a secure, compliant application.
As a general rule of thumb, following the OWASP MAS Checklist is a great start.
We’ve listed a few of the specific guidelines below, and highlighted the critical
areas.
● Ensure application code is secured. Make sure code is not in a public
repository and only authorized developers can access it through proper
authentication and authorization
● Multi-factor authentication is required before the application can go into
production
● Strong Authentication and Authorization for the application
● Ensure secure communication is implemented. Usage of HTTPS, SSL,
end-to-end encryption, VPN, and TLS to secure data in transition
● Ensure application data protection is in place. PII/PCI information is
encrypted
● Perform penetration testing
● Implement a strong SDLC plan for patches, and roadmap for features
● Do not include API keys or other secrets in the mobile application. Instead,
we recommend retrieving them dynamically from your application’s back
end
● Mobile apps or client applications need to use a backend server to talk to
Avenu API so that direct calls from mobile apps to Avenu API’s are
restricted.
Updated over 1 year ago