Third-party software is the most vulnerable component in a system. For example, the iPhones released by Apple might have been fully penetration tested and checked out, but a single app installed after the user has access could circumvent the barriers set up by the manufacturer (Figure 6.1).
It is incorrect to describe “third parties” as simply additional apps that have been installed. Additional third parties could be an application programming interface (API) that was installed for a specific feature in an operating system (OS). Most of the time, this third party may not be in use and is merely lying dormant, waiting to accept input from a local app or from remote users. In many cases, attacks will start ...
Get Network and Data Security for Non-Engineers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
