I am working as a developer on a mobile team. Up to now, we have developed many native mobile applications on the Windows Mobile and Android platforms. Our branch has grown over the last 2 years and we do not have many employees to work with. So we found a solution that covers platform-free application development. So, we will make it possible with a web-based mobile application. WCF HTTP services, logging side, database, SSL certificate etc. are ready for this. My questions:
Have you, or members of your team, taken a look at the OWASP (Open Web Application Security Project) wiki? They're an IT security interest group specializing in web application security, as well as general InfoSec (policy, programming, network authentication).
They have provided a variety of FOSS resources for fuzzing, and additionally a variety of dense, no-fluff cheat sheets that I've found to be instrumental in my own pursuits. Good luck.
In particular:
If you're using an SQL back-end, be sure to sanitize your inputs and use prepared statements (friends don't let friends forget about SQLi).