Cyber Security
Vulnerabilities in mobile apps can occur for several reasons, such as misconfiguration or code-level bugs. There is a huge need to perform a penetration test and security analysis before releasing a mobile application. If you think in terms of data, there are usually four layers in which a mobile app will have some data
Another way to think about the data in mobile apps is:
Threat modeling is the process of identifying all possible threats to a system so that they can be categorized and analyzed. It is a proactive approach to system security. Essentially, you are trying to identify and fix vulnerabilities before adversaries can exploit them. There are two broad categories:
Goals:
Approaches:
Threat Identification:
STRIDE Method (developed by Microsoft):
S - Spoofing - An attacker trying to gain access by falsified methods.
T - Tampering - Any action resulting in unauthorized changes to data, either in transit or in storage.
R - Repudiation - The ability of a user or attacker to deny the activity.
I - Information Disclosure - Revelation of private, confidential or controlled information to external and unauthorized sources.
D - Denial of Service - An attack to prevent the authorized use of a resource.
E - Elevation of Privilege - An attack where a limited user account is transformed into a higher-privileged account.