app security

I have had several request for application best practices as it pertains to security.   Security is a very complicated topic and mobile security typically touches many facets of an enterprise.   There are many different application use cases and differing application methodologies (Web, Native, Hybrid, etc) not to mention various deployment options (Corp asset, BYOD, WAN, WLAN, etc.  Also recognize that mobile platforms come in many flavors with varying degrees of capabilities.  The attached document is intended to provide some thoughts around application security. The document is not intended to be a complete guide but should help as a reference.  Please feel free to provide feedback and recommendations on improvements.