B2G App Security Model/Threat Model: Difference between revisions

Jump to navigation Jump to search

B2G App Security Model/Threat Model (view source)

Revision as of 22:41, 16 March 2012

113 bytes added ,  16 March 2012
→‎Potential Countermeasures
No edit summary
Line 69: Line 69:
* Trusted UI for installing application
* Trusted UI for installing application
* Requirement for HSTS for Apps granted permissions (Strict SSL even?)
* Requirement for HSTS for Apps granted permissions (Strict SSL even?)
* User can audit behavior of an app so s/he can uninstall the app if it seems to be doing something undesirable
=== Web App Spoofing ===
=== Web App Spoofing ===
A malicious website or Web App can imitate the look and feel of another Web App in an identical manner (i.e. this threat is higher than on a platform that has native apps, since Web App behavior could be identical between apps.  The attacks that are possible here are varied, complex and constantly changing as new security controls are introduced. Some attacks might be:
A malicious website or Web App can imitate the look and feel of another Web App in an identical manner (i.e. this threat is higher than on a platform that has native apps, since Web App behavior could be identical between apps.  The attacks that are possible here are varied, complex and constantly changing as new security controls are introduced. Some attacks might be:
Adrifelt
3

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/408698"

Navigation menu