Threat modeling begins with a clear understanding of the system in question. There are several areas to consider when trying to understand possible threats to an application. The areas of concern include the mobile application structure, the data, identifying threat agents and methods of attack, and controls to prevent attacks. The threat model should be created with an outline or checklist of items that need to be documented, reviewed, and discussed when developing a mobile application.
In this project, you will create a threat model. There are seven steps, which will lead you through this project, beginning with the scenario as it might occur in the workplace, and continuing with Step 1: “Describe Your Mobile Application Architecture.” Most steps in this project should take no more than two hours to complete, and the project as a whole should take no more than two weeks to complete.
The following are the deliverables for this project:
In your role as a cyber threat analyst, senior management has asked you to identify how a particular mobile application of your choosing conforms to mobile architecture standards. You are asked to:
This can be fictional or modeled after a real-world application. This will be part of your final report. Click the following links and review the topics and their resources. These resources will guide you in completing this task:
Begin by first reviewing the OWASP Mobile Security Project Testing Guide.
Although mobile applications vary in function, they can be described in general as follows:
In Section 1 of your research report, you will focus your discussion on the security threats, vulnerabilities, and mitigations of the above considerations.
The following resources will continue to educate your management about mobile devices and mobile application security: mobile platform security, mobile protocols and security, mobile security vulnerabilities, and related technologies and their security. Related technologies can include the hardware and software needed to interoperate with mobile devices and mobile applications.
Include an overview of these topics in your report.
Use Mobile Application and Architecture Considerations to review the architectural considerations for mobile applications and architecture. Then, include those that are relevant to your mobile application in your report to senior management. Address the following questions:
You will include this information in your report.
When you have completed the work for Section 1, describing the architecture for your app, move on to the next step, where you will define the requirements for the app.
In the previous step, you described your app’s architecture. In Step 2, you will define what purpose the mobile app serves from a business perspective and what data the app will store, transmit, and receive. Include a data flow diagram to showing exactly how data are handled and managed by the application. You can use fictional information or model it after a real-world application. Here are some questions to consider as you define your requirements:
In this step, you defined the app’s requirements. Move to the next step, where you will identify any threats to the app’s operation.
Now that you have identified the mobile app’s requirements, you will define its threats.
In Section 3 of the report, you will:
Review this Threat Agent Identification Example resource for an example of threat agent identification.
Review this List of Threat Agents resource for a list of threat agents.
After you have identified threats and threat agents, move to the next step, where you will consider the ways an attacker might reach your app’s data.
In the previous step, you identified threat agents. In this step and in Section 4 of the report, you will identify different methods an attacker can use to reach the data. These data can be sensitive information to the device or something sensitive to the app itself.
Read these resources on cyberattacks.
Provide senior management an understanding of the possible methods of attack of your app.
When you have identified the attack methods, move to the next step, where you will analyze threats to your app.
You have identified the methods of attack, and now you will discuss the controls to prevent attacks. Consider the following questions:
Note: Not all of the following may apply. You will address only the areas that apply to the application you have chosen.
In the next step, you will complete work on the threat model.
You have just discussed the controls to prevent attacks. You have completed all the components of your report. Now compile all your findings and produce your Threat Model Report.
The following are the deliverables for this project:
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more