2014-01-09


Revision as of 00:02, 9 January 2014

Line 34:

Line 34:

 

|}

 

|}

 

=Code Modification / Injection Technical Risks=

 

=Code Modification / Injection Technical Risks=



This section focuses on key IT operational risks that organizations must consider for applications that store, transmit, or process sensitive information assets in an <i>untrustworthy</i> environment.  Risks highlighted in
red
describe technical scenarios in which an adversary modifies the underlying binary of the application:

+

This section focuses on key IT operational risks that organizations must consider for applications that store, transmit, or process sensitive information assets in an <i>untrustworthy</i> environment.  Risks highlighted in
green
describe technical scenarios in which an adversary modifies the underlying binary of the application:

 

<center>[[File:RiskTree-CodeModifiation.png]]</center>

 

<center>[[File:RiskTree-CodeModifiation.png]]</center>

 

The primary audience of this section is a technical audience interested in learning more about relevant attack vectors and mitigation strategies that relate to unauthorized code changes.

 

The primary audience of this section is a technical audience interested in learning more about relevant attack vectors and mitigation strategies that relate to unauthorized code changes.
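Review bot: The intro sentence now says the highlighted risks are shown in green instead of red, but the [[File:RiskTree-CodeModifiation.png]] reference below it is unchanged in this hunk. Confirm that the uploaded image really uses green for the binary-modification risks, otherwise the text and the risk tree will disagree. Since this revision also adds a second section that uses "highlighted in green", it would help to state the colour convention once for both risk trees.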

Line 258:

Line 258:

 

      

 

      

 

     4. Finally, the application should immediately re-damage the key in memory after the application has finished using it for that particular call.

 

     4. Finally, the application should immediately re-damage the key in memory after the application has finished using it for that particular call.

 

+

 

+

== Reverse Engineering and Code Analysis Technical Risks ==

 

+

 

+

This section focuses on technical risks that result when an adversary is able to determine how an application is built.  Risks highlighted in green in the following graph are discussed in greater detail within this section:

 

+

<center>[[File:RiskTree-ReverseEngineering]]</center>
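Review bot: The added image link [[File:RiskTree-ReverseEngineering]] has no file extension, unlike [[File:RiskTree-CodeModifiation.png]] earlier on the page, so it will most likely render as a missing-file link. Add the extension of the uploaded file. The new heading also uses level-two markup (== ... ==) while the sibling section "Code Modification / Injection Technical Risks" uses level one (= ... =). If the two risk sections are meant to be peers, use the same level so the reverse-engineering risks are not nested under code modification in the table of contents.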
