This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Mobile Top 10 2014-M4
From OWASP
Revision as of 05:11, 27 January 2014 by Jason Haddix (talk | contribs) (Created page with "{{Top_10_2010:SummaryTableHeaderBeginTemplate}} {{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY}} {{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON}}...")
Threat Agents | Attack Vectors | Security Weakness | Technical Impacts | Business Impacts | |
---|---|---|---|---|---|
Application Specific | Exploitability EASY |
Prevalence COMMON |
Detectability EASY |
Impact SEVERE |
Application / Business Specific |
Threat Description | Attack Vector Description | Security Weakness Description | Technical Impacts | Business Impacts |
Am I Vulnerable To Side Channel Data Leakage?
Unintended data leakage (formerly side-channel data leakage) is a branch of Insecure Data Storage. It includes all manner of vulnerabilities that can be introduced by the OS, frameworks, compiler environment, new hardware, etc, all without a developers knowledge.
In the mobile development world this is most seen in undocumented internal processes such as:
- The way the OS caches data, images, key-presses, logging, and buffers.
- The way the development framework caches data, images, key-presses, logging, and buffers.
- The way or amount of data ad, analytic, social, or enablement frameworks cache data, images, key-presses, logging, and buffers.
How Do I Prevent Side Channel Data Leakage?
How do I prevent
Example Scenarios
Example Scenarios
References
References