Smart Phones With Dumb Apps: Threat Modeling For Mobile Applications

Presented at OWASP Appsec 2010 by

Enterprises are targeting both internal users and customers with smartphone applications for platforms such as Apple iPhone and Google Android. Many of these applications are built without fully considering the security implications of their deployment. Breaches can impact both users and the enterprise distributing the application, as attackers take advantage of expanded access to sensitive data and network services. Threat Modeling is an established practice used to identify potential security issues before starting development, and it holds promise for organizations developing leading-edge smartphone applications. This talk discusses emerging threats associated with deploying smartphone applications and provides an overview of the Threat Modeling process. The presentation then walks through specific examples of how Threat Modeling can be used most effectively in the development of smartphone applications, helping to proactively address potential design-level security issues that can be expensive and challenging to fix.