This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Architecture and design principles

From OWASP
Revision as of 12:33, 10 May 2011 by Giles Hogben (talk | contribs)

Jump to: navigation, search

The following is a merge of ENISA, OWASP and Veracode top 10. Note that there is a mixture of threats and vulnerabilities here - we should decide whether to use risks (threats with impact on assets which occur with probability) and vulnerabilities (system flaws which increase the probability of a threat occurring). I have cut those risks/vulnerabilities which cannot be addressed in any way by developers. We should decide whether to include recommendations in the style of "code of practice"- e.g. activity monitoring should only be used in circumstances xyz...

Top Risks/Vulnerabilities

  • Unsafe sensitive data storage
    • Consider the whole data lifecycle in writing your application
    • Automatically delete data which is not required (how to know when it's not required?).
    • Securely delete data using standard shredding techniques.
    • Store a minimum of data on the client side device.
    • Securely wipe removable media
    • Be aware of caches and temporary storage as a possible leakage channel.
    • Implement key and password storage best practice.
    • Figure out what data needs to be protected most and what doesn't.
  • Unintentional disclosure of data: The smartphone user unintentionally discloses data on the smartphone.
    • Apply the principle of minimal disclosure - only collect and disclose data which is required for the application (how to know what this is?)
    • Apply techniques for the detection of covert channels - e.g. covert flow trees to discover information which may flow through shared resources such as file systems, resource use etc...


  • Attacks on decommissioned smartphones: The smartphone is decommissioned improperly allowing an attacker access to the data on the device.
  • Phishing attacks: An attacker collects user credentials (such as passwords and credit card numbers) by means of fake apps or (SMS, email) messages that seem genuine.
  • Spyware: Spyware covers untargeted collection of personal information as opposed to targeted surveillance.
  • Network Spoofing Attacks: An attacker deploys a rogue network access point (WiFi or GSM) and users connect to it. The attacker subsequently intercepts (or tampers with) the user communication to carry out further attacks such as phishing.
  • Surveillance attacks: An attacker keeps a specific user under surveillance through the target user’s smartphone.
  • Diallerware attacks: An attacker steals money from the user by means of malware that makes hidden use of premium SMS services or numbers.
  • Financial malware attacks The smartphone is infected with malware specifically designed for stealing credit card numbers, online banking credentials or subverting online banking or ecommerce transactions.
  • Network congestion Network resource overload due to smartphone usage leading to network unavailability for the end-user.
  • Unauthorized network connectivity (exfiltration or command & control)
  • UI Impersonation
  • System modification (rootkit, APN proxy config)
  • Logic or Time bomb (including runtime interpreter)
  • Unsafe sensitive data transmission
  • Hardcoded password/keys
  • Lack of data protection in transit
  • Client-side injection
  • Client-side DOS
  • Malicious third-party code
  • Client-side buffer overflow
  • Failure to properly handle inbound SMS messages
  • Failure to properly handle outbound SMS messages
  • Failure to disable insecure platform features in application (caching of keystrokes, screen data)