
Information Gathering: Information And Intelligence Gathering


1. Information gathering: Information and intelligence gathering are the foundations of a good vulnerability assessment. Understanding how the application “should” work, as well as the technologies in use, makes it possible to detect when the application behaves in ways it “shouldn’t”. Information can be obtained by:
• Manually navigating through the application to understand basic functionality of the application
• Observing the network interfaces used by the application: mobile communication (GSM, GPRS, EDGE, LTE), wireless (Wi-Fi (802.11 standards), Bluetooth, NFC), virtual interfaces (VPN)
• Identifying what frameworks are in use
• Identifying server-side APIs that are in use:
- Does the application leverage Single Sign-On or authentication APIs (OAuth, Google Apps)?
- Are any other APIs in use (payment gateways, SMS messaging, social networks, cloud file storage)?
• Identifying the networking protocols in use: are secure protocols used where needed?
• Identifying applications with which the application interacts: telephone (SMS, phone), contacts, iCloud, email
This phase also covers the techniques used to gather information, such as system scanning, network scanning, port scanning, system identification and service identification scanning.
Deliverables: data and intelligence gathering that would aid in the implementation of the vulnerability assessment
Outcome/output: clear understanding of the application of the EFB system
2. Vulnerability Assessment:
The security technique that would be employed in this
