Threat modeling a mobile application
A structured task for identifying and evaluating the threats and vulnerabilities of an application is called threat modeling; in simple terms, What could possibly go wrong with my app? This becomes the problem statement for creating the threat model.
In our case, we will look at what could possibly go wrong with our mobile app. There is no straightforward method of creating a model or a proven threat model, particularly for mobile applications.
Note
OWASP has created a sample threat model, which can be found at https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Mobile_Threat_Model#Controls
In order to understand the possible threats to a mobile app, it is necessary to define the information ...
Get Mobile Application Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
